Account Settings
      Back to home
      1. Support Center
      2. Financial Institutions
      3. Account Settings

      Single Sign On

      Green Check uses Auth0 for all user authentication, including our (optional) SSO implementation. We only support identity first SSO; this means that users will enter their username (email) and our system determines that the user is connected to an SSO org and we direct them the FI’s login page to authenticate. This differs from some people's perception of SSO, we do not have a “Log in with XYZ bank” button on our login page as we do not want all users to see the other FIs that have SSO.

      How it Works:

      Domain Routing: We determine if a users is associated with an SSO provider by their email domain, so a user with email bob@xyzbank.com will be navigates to XYZ SSO because their email ends with xyzbank.com. We can support multiple domains per sso implementation.

      User Creation: We also have JIT (just in time) user provisioning so that new authenticated users coming from the domain will be added as Green Check users, allowing the FI to easily add new users on their end.

      Login Experience: Once enabled for your organization, FI users will no longer be asked for a Green Check password. Instead, the Green Check login screen will automatically route users to the FI's authentication page, and re-route to the Green Check dashboard once authenticated.

      Types of SSO Supported

      SAML: Configuring SAML SSO requires the FI to send over the SAML metadata, we will in turn send over our saml metadata. These are xml files. Once received and configured, Green Check will corrdinate with the FI to conduct testing on a staging enviornment before promoting to production.

      Oauth: Configuring Oauth SSO requires an issuer url from the FI (should look something like https://xyzbank.com/.well-known/openid-configuration ). We use “Front Channel” type configuration, and we need a client ID for their provider. We have our scopes configured as “openid profile email”

      Getting Started

      To begin the setup process, please reach out to your Relationship Manager or contact us at support@greencheckverified.com. Our typical turnaround time for getting SSO enabled is 1-2 weeks.