About Admin Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with a single set of login credentials (such as username and password). Narmi offers SSO for the Admin Platform, so your staff users can log in to the Admin Platform via the same SSO provider you use for other applications at your institution. SSO enhances platform security, simplifies administration, and improves the user experience by making it easier to sign in, remember passwords, and trigger password resets.

Several companies provide SSO solutions, each offering its own set of features, integrations, and pricing options. Some of the most common SSO Identity Providers (IdPs) include Okta, Microsoft Azure Active Directory, Google Workspace, and Auth0. If you have an SSO IdP, your institution can directly configure SSO authentication for your staff users within the Admin Platform. This self-serve option allows flexibility in controlling and managing when to enable, disable, or update any SSO details based on your institution's preferences.

About Narmi's Admin SSO:

• There is no additional cost for Admin SSO.

• Our SSO uses the OpenID Connect (OIDC) protocol, not Security Assertion Markup Language (SAML).

• We currently support the following OIDC IdPs via self-service: Google Workspace, Microsoft Entra ID, Okta, and Amazon IAM. Please contact your Narmi Relationship Manager if you would like to add a different IdP.

• For some providers (like Okta and Microsoft Entra ID), we support IdP-initiated login, allowing your institution to add Narmi to your IdP dashboard.

• You must have Admin permissions in the Narmi Admin Platform to register a new SSO.

To get started by enabling SSO at your institution, go to Manage SSO.

Staff Users and SSO

Staff user info is updated automatically from the SSO provider. For instance, when a user's last name is changed in the SSO provider's directory, that updated name is reflected in the Narmi platform. Please note that user information in the Narmi platform does not get saved to the provider's directory, so the SSO directory is the source of truth for user information.

Adding SSO to an existing user does not take away their current username and password. By default, those credentials will remain valid if the staff user chooses to log in with them. Your institution has the option to turn this off and allow users to only sign in via SSO, not their username and password. To turn off the username and password login option, contact your Narmi Relationship Manager.

Log In with SSO

If your institution has enabled SSO, staff users with an account on the Admin Platform can sign in via SSO.

To log in:

1. Staff users select the link to log in with [provider name], for example, Log in with Okta.
   
   
   

2. In the dialog that appears (which varies depending on the SSO provider), users enter their credentials and follow the onscreen instructions to continue. Once authenticated, the Admin Platform opens to the Admin dashboard. The time between session reauthentication varies by SSO provider.