Single Sign-on from Blue Saffron

Blue Saffron Limited (BSL) has partnered with leading providers Okta and OneLogin to provide a comprehensive but flexible Single Sign-On solution that spans all of your web applications; whether they are in the cloud or behind the firewall.


Although the technology has been around for quite a while, Single Sign-On or SSO has just started gaining widespread adoption. But it is spreading like wildfire. In fact, if you surf the Web everyday, you are almost guaranteed to have seen many websites inviting you to login using one of a number of different applications

The Benefits are myriad but prime amongst which are:

Reduced support desk costs Time saving
Improved customer satisfaction Simplifies process , designed to enhance the experience
Boosts productivity Reduce incidence of failed passwords and resets
Improve compliance and secuity Encourage and enforce use of strong passwords and security applications
Facilitates B2B collaboration Simplifies collaborative endeavors between partner companies.

Key Features

A Network of Pre-Integrated Applications

Whether your web applications are in the cloud or behind the firewall, SSO Services support the broadest and deepest set of integration options to enable single sign-on. You don’t have to worry about how your vendor supports these features or do any integration work yourself, just select the app, configure your options, and deploy.

Including thousands of applications, the Application Network is an on-demand service where integrations are continuously validated, always up to date, and constantly growing both in number and capability.

A Network of Pre-Integrated Applications

Turnkey User Activation

Rolling out an SSO Service is as easy as creating new users, assigning them applications, and hitting activate. You can automatically import users from an existing user store such as Active Directory or other applications such as or Google Apps. Once activated, every user gets a welcome email complete with an overview video that guides them through setup and use. It’s just that easy.


Flexible Access Options

An SSO Service offers you and your end users a flexible set of options for leveraging the single sign-on capability.

Flexible Access Options

End-user Homepage

A complete, turnkey solution is offered that includes an end user portal with a customized set of applications for every end user. Once logged into the SSO Service, users gain access to every web application they need, be it in the cloud or behind the firewall. Their customizable homepage has a clean simple layout with clear icons that enable one click access to those applications. No more writing passwords on sticky notes or storing them in excel spreadsheets. An SSO Service also installs a custom set of “My Application” bookmarks in every browser so that users can get access to any web application by just clicking on the relevant bookmark. Access to our service is supported from all popular browsers including Internet Explorer, Firefox, Chrome and Safari.

Branded Web Portal

Have an employee portal that you want the solution to be integrated with? This can be supported too. You can use the SSO Services' APIs to embed the entire homepage, or just individual applications directly into your portal.

Mobile Web

The SSO Services' mobile app for iOS and Android keep employees productive on the go with complete single sign-on to mobile web applications in a mobile-friendly format. Once users have logged in to the SSO Service on their mobile, any web application is just one tap away, and opens in the SSO Services' mobile’s embedded browser. All of the apps that users access on their desktop are always available through the SSO Services' mobile app as well.

Flexible Access Options

The SSO Service Mobile Apps

Mobile users expect simplicity. In the age of consumerized IT, mobile enterprise apps must be as easy and accessible as their consumer counterparts. Typing passwords into smartphones is hard; remembering lots of unrelated usernames and passwords is worse.

An SSO sevices' mobile app provides single sign-on to native mobile applications. Once users have established a session in the SSO Service, logging in to any mobile app is as simple as entering an email address or company domain.

Mobile App Authentication

With an SSO Service, users can log in to any mobile application that supports federation standards like SAML or WS-FED with their existing corporate credentials. The log in page is familiar and security policies for IP or MFA are applied consistently for mobile applications as well as web applications.

Self Service Administration

An SSO Service includes several self service capabilities in each user’s home page including password management and their associated applications, visual layout customization, and new application provisioning.

If they forget their SSO Service password, the main login page supports password reset with just one click. Once logged in, every user can manage account information (username, email, password, etc.) and customize the layout of their homepage.

Self Service Administration

Single sign on self-service add application

Application credentials for those applications that are not managed centrally are editable, and users can easily add to or request more applications for their homepage.

Administrators can set policies to determine which applications are available for self service provisioning: personal, enterprise or both. To ensure end user privacy, personal applications, if added, are reported on only in the aggregate to IT. Usage reporting provides insight into the most popular self-provisioned applications so IT can identify applications that should be centrally managed and supported.

Single sign on self-service add application

Seamless Active Directory Integration

SSO Services have comprehensive Active Directory Integration means that users can log into the SSO Service using their Active Directory credentials. Or if you want to eliminate the SSO Service login process completely, the SSO Services' desktop Single Sign-On capability will automatically authenticate users once they log onto the Windows network in the morning, from a PC or a Mac, truly reducing access to just one password.