SSO: Pre-configuration guide + FAQ

What is SSO?

With SSO, you can log into Storable Easy - and eventually, all Storable applications - with a single user account instead of separate logins per app or facility. A new Single Sign On (SSO) dashboard has been created for this purpose and includes Multi-Factor Authentication (MFA) for enhanced security. SSO also gives you full administrative user management. You will no longer need to reach out to Storable Easy Support to reset passwords, resolve account lockouts, or complete other user management tasks.

This FAQ includes answers to common questions about implementing SSO and preregistration steps to ensure a smooth transition.

Does my organization need to implement MFA?

Registering your organization for SSO is optional but recommended for enhanced security and PCI compliance. To meet Payment Card Industry Data Security Standard (PCI DSS) protocols, your organization may be required to implement Multi-Factor Authentication (MFA) by March 31, 2025. Enabling SSO allows you to transition your company’s login process to meet this requirement.

The most common category of cyberattack is the account compromise attack, in which cybercriminals obtain valid credentials either from the dark web or by tricking individuals into providing their login credentials. Once they have acquired credentials, they can easily log into your systems and access sensitive operational and tenant data.

The most effective way to prevent this type of attack is by implementing Multi-Factor Authentication (MFA). A Microsoft study (*source) found MFA to be 99.9% effective at blocking account compromise attacks. It’s also worth noting that beginning on March 31st, PCI DSS will require MFA for any system with access to cardholder data.

How does logging into Storable Easy with SSO work?

If you choose to enroll your organization in SSO, the Storable Easy login screen will be updated to redirect users to the Storable SSO dashboard when they click the Log in button. After clicking Log in, the SSO dashboard login screen will open in your internet browser. Users will be prompted to set up an authentication method on the first login. At future logins, users will be asked to enter their login credentials and a verification code from their verification method.

If users on your account access more than one Storable FMS (Storable Edge, SiteLink by Storable, or Storable Easy), they can use their SSO User Account to log in to all applicable software.

SSO can also accommodate your company’s identity provider (IdP). If you’d like to use your IdP to establish a login for your software, or if you already use SSO to log in and would like to switch to your IdP login credentials, please refer to our help article: Using Your Identity Provider’s Login with SSO.

What should I be aware of before registering my organization for SSO?

  • Once SSO is turned on for your organization, it cannot be turned off.
  • If you enable SSO for your organization, it will be turned on for all facilities associated with your Storable Easy company.
  • SSO can require Multi-Factor Authentication (MFA) and users can utilize one or more of the following methods of authentication: Google Authenticator, Okta Verify App, Security Key or Biometric Authentication, SMS, and/or Email.
  • Users will be required to complete an MFA challenge every 7, 14 (default), 30, or 90 days.
  • After registration, all users on your account will be prompted to set up an SSO User Account and MFA. 
  • You will have the choice to make SSO required or optional for users. Please note that MFA is required for PCI compliance. If optional, existing users will be reminded each time they log in, but all new users will be required to use SSO.
  • User roles (Managers and Sales Associates) and settings of existing users will not change when using SSO. Once SSO is implemented for your organization, users will be created and configured in the SSO portal instead of within Storable Easy. Portal Admins can reset passwords, resolve account lockouts, and manage users in the SSO portal.
  • To prevent login issues, we recommend whitelisting https://*storable.io on your router and/or the computers you use to access your Storable products.

What do I need to do before registering?

1. Identify the administrative user who will be responsible for implementing SSO. Only one user should activate and configure your SSO settings. If MFA is activated without consulting the rest of your team or if multiple users attempt to activate SSO, your organization will likely experience widespread login issues.

 

2. If your employees share email addresses, we recommend giving each user an individual company email to simplify registration, login, and MFA. If you choose not to provide individual email addresses, please be aware of the following:

  • Each employee who shares an email address will need to create a unique username. The username doesn’t have to be a valid email but must be formatted as an email address (Ex: john.doe@yourcompany.com). We recommend identifying the username format you wish your employees to use.
  • Employees with a shared email may not be able to reset their own passwords via email and may be required to contact an Admin user to get a temporary password.
  • If employees with a shared email make too many login attempts, they will be required to contact an Admin to unlock their account.

3. Decide which authentication method(s) you will allow your users to choose from. You can select one or more of the following: the Google Authenticator app, the Okta Verify app, Security Key or Biometric Authentication, SMS, and/or Email. If you choose Google Authenticator and/or Okta Verify, users must download the desired app on their phones.

 

4. Decide if you will make SSO optional or required. If SSO is optional, existing users will be prompted to set up SSO each time they log in; however, they can skip setting it up. All new users will be required to use SSO. We recommend starting with this setting as optional and choosing a date to make it required. This gives your employees time to complete registration while ensuring they can still access the system if any issues arise while it is optional. Be sure to communicate with your team throughout the process so everyone is prepared before access becomes mandatory. Once you make SSO required, you cannot change it back to be optional.
 

 

5. Decide which security settings you want users to have.

Lock-out policy for failed attempts: Should users get locked out of the software after failing to log in? If so, how many attempts will you allow before lockout? The maximum number of attempts you can set is 10. Users who get locked out will need to contact an administrator at your organization to regain access.

 

6. Communicate with your organization.

  • Communicate with owners about registration and who will register.
  • Communicate with non-owners about what to expect after registration (e.g., they will be prompted to set up their SSO User Account and MFA. Depending on your settings, they may need to download an authentication app).
  • If users will be using Google Authenticator or Okta Verify, you may want to encourage users to install the correct app in advance. Please be aware that there may be copycat apps in the App Store, and ensure everyone is using the official app. Google Authenticator and Okta Verify do not cost anything.
  • We’ve created communication recommendations and a template to help you communicate with your employees.

What resources are available to help me set up SSO at my organization?

To support you in rolling out SSO, we've put together helpful resources:

Enable SSO and configure your settings

Once you're ready to enable SSO, follow the instructions in our article: SSO Enablement guide for Admins.

Please note: The first person to go through the MFA configuration process will be marked as the sole Admin for your account. By default, this person will be the only one who can add, delete, or edit existing users in addition to making MFA settings adjustments. If you would like to grant an additional user these permissions, you can do so by applying the Admin role to their user profile in the SSO portal.

 

Can I access Storable Easy while using incognito (anonymous) mode?

If your browser is in incognito (anonymous) mode, you must allow third-party cookies for SSO to function properly. 

Chrome browser instructions

1. Click the 3-dot menu button at the top-right corner of your Chrome browser.
2. Click Settings.
3. Click Privacy and Security.
4. Click Third-party cookies.
5. Turn on Allow third-party cookies.
