Single sign-on in Ajax PRO apps

Along with the release of Ajax PRO Desktop v5.30 and Ajax PRO: Tool for Engineers v2.30 app versions, we have added the ability for company employees to log in with single sign-on (SSO) in Ajax PRO apps.

Log in with SSO allows companies to set up and manage employees’ access to Ajax PRO apps using identity providers (IdP) so that employees can authenticate via IdP using corporate credentials.

Note that the Single sign-on (SSO) feature must be enabled and set up for the company in Ajax PRO Desktop to allow its employees to log in using SSO.

The Log in with SSO button is always available on the welcome page, regardless of whether SSO is configured for the company.

Operating principle

To log in to Ajax PRO apps with SSO, employees must enter their corporate email address and click Log in with SSO. If the company has an employee with such an email address and SSO is enabled and configured, the employee will be redirected to the IdP login page, where they have to authenticate using corporate credentials. If the authentication via IdP is successful, the employee will be logged in to their account in the app.

  • Single sign-on (SSO) is an authentication method that allows users to access multiple applications or systems with one set of login credentials. It simplifies user management, enhances security, and improves convenience by eliminating the need to log in to each service separately.
  • An identity provider (IdP) is a service that verifies users’ identities and provides authentication for SSO. It acts as a trusted source, issuing tokens that grant users access to connected applications without the need for multiple logins.

To use SSO for the company in Ajax PRO apps, the feature must be enabled and configured in the company settings in Ajax PRO Desktop. Only the company owner has the right to configure SSO. Refer to the Setting up SSO for a company section for more information on configuring SSO.

Once SSO is set up in Ajax PRO Desktop, it is possible to add employees who will be able to log in with SSO using their corporate email address. The PRO accounts of such employees contain only email and do not have passwords or phone numbers. Refer to the Employee accounts section for more information on employee accounts.

SSO in Ajax PRO apps uses the SAML (Security Assertion Markup Language) protocol for authentication. Security certificates are also required for SSO in Ajax PRO apps.

Setting up SSO for a company

Before setting up SSO for a company in Ajax PRO Desktop, configure it on the IdP side.

SSO settings are available in the company settings in Ajax PRO Desktop. Only the company owner can configure SSO.

To set up SSO in the Ajax PRO Desktop app:

  1. Go to the Company menu and select Single sign-on (SSO) in the side navigation menu.
  2. Check the Allow login with SSO option. More SSO settings will appear below.
  3. Enter the company’s email domain in the Company email domain field. Use the company.com format (without the @ symbol).
  4. If necessary, copy the required Service provider SAML settings to configure SSO on the IdP side.
  5. Fill in the SAML settings from the identity provider:
    1. Enter the identity provider login URL.
    2. Optionally, enter the identity provider logout URL.
  6. Click Upload certificate to upload the certificate from the identity provider.
  7. Click Save to apply the settings.

Once the settings are saved, the Ajax public certificate will appear below the service provider’s SAML settings. Download the certificate from the Ajax PRO Desktop app and upload it to the IdP.

Note that one company email domain can be used for SSO for different companies in Ajax PRO Desktop.

SSO cannot be set up for a private installer who is not a company employee in Ajax PRO Desktop.

Employee accounts

Once SSO is enabled and configured for the company in Ajax PRO Desktop, it is possible to add employees who can log in with SSO using their corporate email address.

Only the company owner or an employee with the right to manage employees can create or delete accounts for employees who can log in with SSO.

If the company already has employees with login and password accounts, they can log in either using SSO or their login and password when SSO is enabled.

Limitations for employee accounts that use SSO only

Employee accounts created in Ajax PRO Desktop that can log in only with SSO have the following limitations:

  • Accounts are passwordless. An employee cannot log in to Ajax PRO apps with a login and password. Only logging in with SSO is available.
  • No phone number is linked to the account.
  • The email address cannot be changed in the account settings.
  • The account cannot be deleted in the account settings.
  • Two-factor authentication settings are not available.
  • An employee with such an account cannot be invited to the space as a private installer. They can only be assigned to the object in the Ajax PRO Desktop app.

Adding an employee

Adding new employees to the company in Ajax PRO Desktop can only be done through the Employees section in the Ajax PRO Desktop app.

To add an employee who can log in using SSO, in Ajax PRO Desktop:

  1. Go to the Company menu and select Employees in the side navigation menu.
  2. Click Add employee.
  3. In the window that opens:
    1. Enter the employee’s email address in the Employee email field.
    2. Enter the employee’s First name and Last name in the corresponding fields.
    3. Check the required roles for the employee.
  4. Click Add to add the employee.

Once the employee is added, the system creates a new employee profile for the company. This employee can now log in to Ajax PRO apps using SSO.

If several companies in Ajax PRO Desktop have the same company email domain, it is possible to add an employee with the same email address to every company in Ajax PRO Desktop. When logging in, such an employee can select which company to log in to.

The email address used to create an employee in the company cannot be used to create a personal PRO account, as it is already taken.

Deleting an employee

Employees created through the Employees section in the Ajax PRO Desktop app can only be deleted using the same flow. Such employees cannot delete their accounts by themselves.

To delete an employee who can only log in using SSO, in Ajax PRO Desktop:

  1. Go to the Company menu and select Employees in the side navigation menu.
  2. Select the required employee.
  3. Click Delete profile in the menu that opens on the right.
  4. Click Delete to confirm employee deletion.

Note that if an employee’s corporate account is deactivated in IdP, this employee cannot log in to Ajax PRO apps using SSO, even if their profile is still in the list of company employees in Ajax PRO Desktop.
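An offboarding check based on the note above, as an added example (not Ajax code): it compares a hand-compiled list of company employees with an IdP user list and reports profiles whose IdP account is missing or deactivated. Both CSV layouts, their column names and the sample rows are assumptions constructed for this example; the page describes no export format.

```python
import csv
import io

# Constructed sample data. Column names and values are assumptions made for
# this example, not an Ajax or IdP export format.
AJAX_EMPLOYEES_CSV = """email,login_type
alice@company.com,sso_only
bob@company.com,sso_only
carol@company.com,password
dave@company.com,password
"""
IDP_USERS_CSV = """email,active
alice@company.com,true
bob@company.com,false
carol@company.com,false
Dave@Company.com,true
"""

def load_idp_status(idp_csv):
    """Map lower-cased email -> True if the IdP account is active."""
    rows = csv.DictReader(io.StringIO(idp_csv))
    return {r["email"].strip().lower(): r["active"].strip().lower() == "true"
            for r in rows}

def audit_offboarding(ajax_csv, idp_csv):
    """Return (email, finding) pairs for profiles without an active IdP account."""
    idp = load_idp_status(idp_csv)
    findings = []
    for row in csv.DictReader(io.StringIO(ajax_csv)):
        email = row["email"].strip().lower()
        if idp.get(email, False):
            continue  # active in the IdP: nothing to review
        if row["login_type"].strip() == "sso_only":
            # SSO login is already blocked, but the profile is still listed
            # in Employees until it is deleted there.
            findings.append((email, "stale SSO-only profile"))
        else:
            # The page states only that IdP deactivation blocks SSO login;
            # this account also has a login and password.
            findings.append((email, "password login not covered by IdP"))
    return findings

if __name__ == "__main__":
    for email, finding in audit_offboarding(AJAX_EMPLOYEES_CSV, IDP_USERS_CSV):
        print(f"{email}: {finding}")
```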

Logging in with SSO

  1. Open the Ajax PRO Desktop app.
  2. Enter your corporate email address or check the pre-filled credentials in the Email field.
  3. Click Log in with SSO.
  4. If your employee account is added to several companies, select the company you want to log in to and click Continue.
  5. The app should redirect you to the company’s IdP login page. Log in to IdP using your corporate credentials.
  6. After authentication via IdP, the system will automatically log you in to your account in the Ajax PRO Desktop app.

You must log in to the company’s IdP within 5 minutes of starting the login process. Otherwise, you will receive an error, and re-login is required.

If an employee is added to several companies and has logged in to one of them, they cannot switch to another company in Ajax PRO apps. The system requires them to log out of one company and log in to another.

Note that an employee cannot log in to or select a monitoring company when logging in via the mobile PRO app.

Logging out

To log out of the desktop app, click your company profile icon or image in the upper right corner of the app and select Sign out.

Note that the session in the company’s IdP may remain active for a certain period of time after logging out. This means that if an employee logs in to the Ajax PRO app again, they will not need to enter the credentials on the IdP login page. The duration of the IdP session depends on the IdP settings.

To ensure that the session in the company’s IdP ends when you log out, set up the Identity provider logout URL in the Single sign-on (SSO) settings in Ajax PRO Desktop. This can be useful when different employees use the same corporate computer or mobile device.
