Single Sign-On

Create friction-free digital experiences for your advisors and clients

Overview

Single sign-on (SSO) integrations allow users to access multiple applications with one login credential. This type of integration can simplify and improve the user experience for both your clients and advisors, allowing them to seamlessly access data from multiple systems without the need to jump from application to application and recredential. Additionally, single sign-on capabilities allow your firm to scale as it grows, accommodating new applications and users without adding complexity to the user’s experience. Single sign-on also enhances security by eliminating the need for multiple passwords and can allow firm administrators to centrally manage advisor access and permissions across multiple business platforms.

Real World Solutions

Firms utilizing Wealth Access have used outbound single sign-on integrations from Wealth Access to other systems, such as performance reporting and online banking experiences, to allow their clients a single point of access to multiple applications. Alternatively, several firms have utilized inbound SSO integrations to Wealth Access for internal firm users, allowing advisors and other team members to access the Wealth Access portal from an internally used application without the need to recredential.

Wealth Access to Black Diamond – Outbound SSO

Midland States Bank wanted to create a seamless user experience for their customers between the various applications used by the institution. One portion of that workflow was to allow their users of the Wealth Access system to be able to navigate from the Wealth Access portal into the Black Diamond portal to view their related portfolio performance data. By creating an outbound SSO integration from Wealth Access to the Black Diamond platform, Midland States Bank advisors and clients may hop from Wealth Access directly into their Black Diamond portal without the need to recredential. Users may easily navigate back to Wealth Access once finished in the Black Diamond experience.

How to Enable

Wealth Access supports both inbound and outbound single sign-on integrations via SAML or OAuth authentication. SSO integrations will require development effort from your technical team to implement. The Wealth Access team will consult your business and technical teams on the appropriate client identifiers for authentication and the anticipated user flow for the integration. If you need assistance in troubleshooting the integration, Wealth Access will require user access to your testing environment.

Process Overview

  • Engage Wealth Access to determine integration needs and authentication requirements
  • Code your solution
  • Test the integration

Deep Linking

Wealth Access currently supports deep-linking as an extension of our SAML-based SSO. It allows a user who is entering Wealth Access through SSO to arrive at a specific feature deeper within the platform experience. There are three basic experiences that deep-linking within Wealth Access currently supports:

  • View a role-specific widget – An investor user on the Wealth Access platform would arrive at a specific investor-based widget. An advisor user on the Wealth Access platform would arrive at a specific advisor-based widget.
  • Access a specific investor – Allows an advisor to enter Wealth Access as the investor (mimics the impersonation feature currently available to advisors within the Wealth Access portal) instead of the default advisor view. Note: this requires that the specified investor has granted view-as/impersonation access to the advisor.
  • View a specific investor widget for that investor – This option is a combination of the two options detailed above and allows an advisor to enter Wealth Access as the investor (impersonation) and arrive at a specific investor-based widget for that investor.

Requirements

To implement these deep-linking scenarios, two additional parameters must be passed as part of the base64-encoded SAML assertion:

  • widgetKey – A unique code that specifies which widget the user is trying to view for an advisor or an investor he/she is accessing. The widget must be configured to be available for the given user within Wealth Access at the time the SSO request is initiated. This parameter is always required for deep-linking.
  • investorUsername – This should be the username of the investor (as it appears in Wealth Access) and it is only used when navigating to an investor-based widget. For an advisor or investor user attempting to SSO into his or her own Wealth Access portal experience or deep linking to a specific widget in his or her experience, this parameter is not necessary. This parameter is only necessary when an advisor is attempting to impersonate an investor within an SSO integration.
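
A pre-send check for the sending side of the integration, as an added example that is not Wealth Access code: it decodes a base64-encoded assertion, reads the two deep-linking parameters and rejects combinations the rules above rule out. It assumes the parameters travel as SAML 2.0 Attribute elements named widgetKey and investorUsername (confirm the exact placement with Wealth Access); the function names and sample values are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DEEP_LINK_NAMES = ("widgetKey", "investorUsername")

def deep_link_params(b64_assertion):
    """Extract the deep-linking attributes from a base64-encoded assertion."""
    xml_bytes = base64.b64decode(b64_assertion, validate=True)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD and entity declarations do not belong in SAML")
    found = {}
    for attr in ET.fromstring(xml_bytes).iter(f"{{{ASSERTION_NS}}}Attribute"):
        name = attr.get("Name")  # assumption: parameter name is the Attribute Name
        if name not in DEEP_LINK_NAMES:
            continue
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{ASSERTION_NS}}}AttributeValue")]
        if name in found or len(values) != 1 or not values[0]:
            raise ValueError(f"{name} must appear once with one non-empty value")
        found[name] = values[0]
    return found

def classify_deep_link(b64_assertion):
    """Name the requested experience, or raise if the parameters conflict."""
    params = deep_link_params(b64_assertion)
    if not params:
        return "no_deep_link"
    if "widgetKey" not in params:
        raise ValueError("widgetKey is always required for deep-linking")
    # investorUsername is only sent when an advisor enters as an investor.
    return "advisor_as_investor" if "investorUsername" in params else "own_widget"

def sample_assertion(attrs):
    """Constructed, unsigned sample; a production assertion is signed."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        f"</saml:AttributeValue></saml:Attribute>" for n, v in attrs.items())
    xml = (f'<saml:Assertion xmlns:saml="{ASSERTION_NS}"><saml:AttributeStatement>'
           f"{body}</saml:AttributeStatement></saml:Assertion>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(classify_deep_link(sample_assertion({"widgetKey": "WIDGET-KEY-PLACEHOLDER"})))
```

The check inspects content only and does not verify a signature. Because investorUsername selects whose data an advisor sees, set it from your own server-side records of the advisor's clients rather than from request input.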