How does Entra ID/Entra ID integration for SSO work?
The DekkoSecure service is added to your Entra ID tenant as a third party enterprise application.
Integration is generally very straightforward and only requires that you accept integration permissions from a URL that we provide to you. This is followed by a simple testing process before full-scale use.
Do you support authentication services (ex. Okta)?
Yes. The DekkoSecure web application will follow whichever authentication rules are applied to it via your Entra ID conditional access controls. If this includes a service such as Okta, the user will be presented with an Okta authentication challenge; the same way that they would when logging in to your other Microsoft 365/SSO-connected services.
What happens if a user is removed from Entra ID?
Users who are deleted in Entra ID will lose access to the system and lose their content, because the key to their data is stored in the Entra ID custom attribute. If the user is offboarded but kept in Entra ID with access disabled, then content will remain.
The latter of these two scenarios is suitable in situations like sabbaticals, where a user’s access needs to be disabled and then reinstated later.
What happens if a user tries to sign in and is not a member of any Hubs?
If a user uses SSO to get log in and has no pending Hub invites, they will see the following message:
These users will not have access to any Hubs or files until they receive an invite and/or share.
What is the delineation of authentication and authorisation?
Access to Hubs and content is managed inside the DekkoSecure platform, and Entra ID security groups are used to manage access to the application itself.
What is the SSO/Entra ID user onboarding process?
DekkoSecure supports auto-provisioning of users after it is added to your Entra ID tenant as a third party enterprise application. New users simply press the corporate log in button on the DekkoSecure log in page and their account will be created.
If you also choose to nominate your an SSO domain with us (e.g., @agency.gov), your new users will always receive a registration email which contains a link that takes them to a dedicated SSO registration page:
Typically, a Tenancy admin will create a Hub for a specific purpose (they will then be an admin of that Hub), and then invite users to it. Invited users that authenticate via SSO will be added to the Hub automatically when their account provisions (and get access to shared files if there are any).
You can learn more about Hubs, roles and permission here.
How do we transition from standard accounts to SSO accounts?
Standard account with can be automatically migrated to SSO accounts seamlessly after SSO integration has been established.
If a standard DekkoSecure log in, ‘john@company.com’ is registered, the next time this user authenticates using the Entra ID account ‘john@company.com’, all data such as groups, files, messages, contacts and meetings will remain. The only difference will be the way the user is authenticated in to DekkoSecure platform. The standard DekkoSecure log in for this user will also no longer work.
Users that migrate their accounts are prompted for the DekkoSecure account password and 2FA if turned on, before migration takes place. Account migration typically takes less than one minute, depending on how many Hubs the user is a member of and how much content they have access to.