External Users

External users are those users that are created outside the Sana Commerce Cloud and linked to the users in Sana Admin.

Sana Commerce Cloud supports the following identity providers:

Microsoft Entra ID (formerly known as Azure Active Directory)
Okta Workforce Identity Cloud

Users can log in to Sana Admin with their Microsoft or Okta accounts using single sign-on.

Single sign-on (SSO) is a secure authentication method that allows users to sign in using one set of credentials to multiple independent software systems. It means users can log in once with their Microsoft or Okta account to access different apps, Sana Commerce Cloud, and other apps that use the SSO with Microsoft Entra ID or Okta Workforce Identity Cloud. Users do not need to log in to every application they use with different credentials, but instead, use the same Microsoft or Okta account to access different independent apps. Authentication takes place using Microsoft Entra ID or or Okta Workforce Identity Cloud, which means applying Microsoft or Okta security policies.

To log in to Sana Admin with a Microsoft or Okta account, you will need to:

Register a Sana Commerce Cloud application in the Microsoft Entra ID or Okta Admin Console.
Connect Sana Commerce Cloud to Microsoft Entra ID or Okta Workforce Identity Cloud.
Add a user to Microsoft Entra ID or Okta Admin Console.
Assign access for a user to the Sana Commerce Cloud application in Microsoft Entra ID or Okta Admin Console.
Add a user to Sana Admin to create a connection between a user in Microsoft Entra ID or Okta Admin Console and Sana Admin.

Connect Sana Commerce Cloud to Microsoft Entra ID or Okta Workforce Identity Cloud

NOTE

The single sign-on configuration is global for all your Sana Commerce Cloud applications. This means that if you have multiple webstores, this connection will be used for all your Sana Admin panels. You can only connect Sana Admin to one Microsoft Entra ID or Okta Workforce Identity Cloud.

Step 1: Log in to Sana Admin as a system administrator.

Step 2: Go to: System > User management.

Step 3: Under External users, click Configure.

Step 4: On the Configure Single Sign-On page, enable the option Single Sign-On for admin users, and enter the Application (client) ID and Authentication server of the Sana Commerce Cloud application that you created in the Microsoft Entra ID or Okta Admin Console.

Step 5: Enter the Login button text. It is shown on the Sana Admin login page.

Step 6: Click Save changes.

When Sana Commerce Cloud is connected to Microsoft Entra ID or Okta Workforce Identity Cloud, the login button with the specified text will be shown on the Sana Admin login page.

User Accounts: Create a User in Sana Admin

You must link users created in Microsoft Entra ID or Okta Admin Console to the same users in Sana Admin.

Step 1: Log in to Sana Admin as a system administrator.

Step 2: Go to: System > User management.

Step 3: Under External users, click New user.

Step 4: In the E-mail field, enter the e-mail of the user created in the Microsoft Entra ID or Okta Admin Console.

NOTE

The user's e-mail address must be the same in the Microsoft Entra ID or Okta Admin Console and Sana Admin.

Step 5: Assign one or more roles to the user. The assigned role determines the user's function and permissions within Sana Admin. See the list of permissions for each user role in the Sana Admin User Roles & Permissions file.

Step 6: Select the webstore that the user should have access to. If you have multiple webstores, the user can have access to one or more webstores.

When the Sana Commerce Cloud app is registered in the Microsoft Entra ID or Okta Admin Console, Sana Commerce Cloud is connected to the Microsoft Entra ID or Okta Workforce Identity Cloud, users are created in the Microsoft Entra ID or Okta Admin Console, assigned to the application and connected to the same users in Sana Admin, these users can log in to Sana Admin using their Microsoft or Okta accounts.

Good to Know

If you use a single sign-on for your Sana Admin users with Microsoft Entra ID or Okta Workforce Identity Cloud:

You can set up any security policies and restrictions in Microsoft Entra ID and Okta Admin Console, such as multi-factor authentication (MFA) and others.
You can enable and disable the account in Microsoft Entra ID and Okta Admin Console. The disabled users cannot log in to the applications.
Microsoft Entra ID and Okta Admin Console controls user password policies, such as password reset and password expiration. If users use their Microsoft or Okta accounts to log in to Sana Admin, they cannot use the forgot password functionality of Sana Commerce Cloud. Instead, they can use the Microsoft and Okta functionality.