Single Sign-On

Overview

Single sign-on (SSO) integrations allow users to access multiple applications with one login credential. This is a standard integration for a majority of technologies and one that your business is likely already using with other vendors.

An SSO integration is intended to simplify and improve the user experience for both your clients and advisors, allowing them to seamlessly switch between Wealth Access and the other systems they use in their daily workflows. SSO also enhances security by eliminating the need for multiple passwords and can allow firm administrators to centrally manage advisor access and permissions across multiple business platforms.

Real World Solutions

Our clients tend to have 5-10 tools and systems that their internal teams and clients use, such as CRMs, financial planning, performance reporting and online banking experiences. The majority of those tools already utilize SSO to authenticate across systems to reduce passwords and increase security, making SSO integrations an easy way for firms to bring Wealth Access into their existing Technology Admin processes. Midland States Bank created seamless user experience for their customers with an outbound SSO integration from Wealth Access to Black Diamond, giving clients quick and easy access to their related portfolio performance data.

How to Enable

Wealth Access supports both inbound and outbound single sign-on integrations via SAML or OAuth authentication. SSO integrations will require development effort from your technical team to implement. The Wealth Access team will consult your business and technical teams on the appropriate client identifiers for authentication and the anticipated user flow for the integration. If you need assistance in troubleshooting the integration, Wealth Access will require user access to your testing environment.

Process Overview

• Engage Wealth Access to determine integration needs and authentication requirements
• Code your solution
• Test the integration

Deep Linking

Wealth Access currently supports deep-linking as an extension of our SAML-based SSO. It allows a user who is entering Wealth Access through SSO to arrive at a specific feature deeper within the platform experience. There are three basic experiences that deep-linking within Wealth Access currently supports:

• View a role-specific widget – An investor user on the Wealth Access platform would arrive at a specific investor-based widget. An advisor user on the Wealth Access platform would arrive at a specific advisor-based widget.
• Access a specific investor – Allows an advisor to enter Wealth Access as the investor (mimics the impersonation feature currently available to advisors within the Wealth Access portal) instead of his/her default advisor view. * Note, this requires that the specified investor has granted view-as/impersonation access to the advisor.
• View a specific investor widget for that investor – This option is a combination of the two options detailed above and allows an advisor to enter Wealth Access as the investor (impersonation) and arrive at a specific investor-based widget for that investor.

Requirements

To implement these deep linking scenarios, there are two additional parameters that are necessary to pass along as part of the base64 encoded SAML assertion:

• widgetKey – A unique code that specifies which widget the user is trying to view for an advisor or investor. The widget must be configured to be available for the given user within Wealth Access at the time the SSO request is initiated. This parameter is always required for deep-linking.
• investorUsername – This is the username of the investor (as it appears in Wealth Access) and it is only used when navigating to an investor-based widget. For a user attempting to SSO into his/her own Wealth Access portal experience or deep linking to a specific widget in his/her experience, this parameter is not necessary. This parameter is required when an advisor is attempting to impersonate an investor within an SSO integration.