Single sign-on setup for CRS and voice application
Configure single sign-on authentication for enhanced security and convenience across CRS and voice application systems.
Single sign-on (SSO) provides enhanced security and user convenience for your CRS and voice application systems. This setup links your existing Microsoft or OKTA accounts to both production and UAT environments, allowing users to maintain their current access levels while streamlining the login process.
Single sign on (SSO) authentication integrates with your property or brand's existing identity management system:
Links to your Microsoft or OKTA accounts for authentication.
Maintains existing user access, roles and permissions across environments.
Requires a custom domain pointing to your secure environment. You can use an existing booking engine custom domain for SSO if one is already configured.
All users must use the same custom email domain across applications to maintain security and ensure only authorized personnel can access your systems.
Prerequisites and setup process
Required elements
Before implementing SSO, confirm you have or are happy to obtain:
Microsoft or OKTA account management system.
Custom domain for your property or brand.
Custom email domain for user authentication.
Authority to register Access Group products as partner applications.
Getting started
To begin SSO implementation:
Contact the support team [email protected] to confirm prerequisites and define next steps.
Your account manager can assist in adding SSO capabilities and custom domain services in your contract agreement.
Implementation and registration of Access Group products as partner applications in your Microsoft or OKTA system. Coordinated with the support team and hotel’s IT team.
Once complete your users with have new system login URLs and setup elements once all is complete.
User login workflow
CRS login
Follow the steps below to learn more how the user login workflow works for the CRS.
Go to your new custom CRS admin login URL.
Click Login with Microsoft or Okta.
Choose your account if multiple accounts are associated with your email address.
Click login.
Voice application login
Follow the steps below to learn more how the user login workflow works for the voice application.
Go to your new custom voice application login URL.
Click Login with Microsoft or Okta.
Choose your account if multiple accounts are associated with your email address.
Click login.
User security
When creating new users, it is recommended to:
Disable CRS MFA: Check this box to use SSO system MFA instead.
Disable CRS Login: Enable this checkbox to enforce SSO authentication.
⚠️Important: For maximum security, disable both MFA and CRS Login to enforce SSO authentication exclusively. User roles remain unchanged with SSO implementation.
Implementation timeline and coordination
SSO implementation typically takes a few weeks, depending on coordination between the technical teams. The process may be completed faster if you already have a custom subdomain configured for your booking engine.
The implementation requires collaboration between your IT team, our technical staff, and your identity management system administrators to ensure proper integration and testing.
Custom domain requirements and costs
Custom domains are required to direct users to the correct environment linked to their specific Microsoft or OKTA system. This ensures secure authentication routing and proper system access.
Monthly fees apply for custom domain services, covering ongoing testing, maintenance and support. These costs are consistent with other custom URL services provided.
Platform compatibility and expansion
SSO currently supports Microsoft and OKTA identity management systems. If your organization uses different identity management platforms, contact support to request consideration for future development planning.
Certificate management for Microsoft implementations
Microsoft SSO implementations use Client ID and Secret credentials with expiration dates. To maintain uninterrupted access:
Share updated credentials with the support team before expiration dates.
Choose the furthest future expiration date when configuring certificates.
Set calendar reminders for all responsible parties to address renewal timing.
Coordinate renewal activities to prevent service interruption.