Onboarding to Single Sign-On (SSO)
Single Sign-on (SSO) is a mechanism that allows users to access multiple applications using a single set of credentials. Instead of having separate login credentials for each application, users can log in once and access all authorized applications seamlessly with SSO.
Uber supports SSO for administrators/coordinators to access the Uber for Business web dashboard. Enterprise companies find that SSO provides a range of benefits that suit their needs, including (but not limited to) the following:
- Centrally controlled authentication that some companies prefer for security reasons
- A global standard for enterprise access
- A smooth login experience
- Separates business and personal accounts
- SSO-enabled accounts are automatically linked to the organization
Supported Identity Providers:
- Azure AD
Supported SSO Protocols:
- SAML (Security Assertion Markup Language)
¶ Pre Checklist
To enable Admin/Coordinator SSO, there are certain requirements that need to be fulfilled before you begin the setup process.
- Firstly, you must be onboarded to an Uber for Business organization and have administrative access to it through business.uber.com.
- Additionally, your organization must be using one of the Identity providers that we currently support.
- To enable users for SSO, they should be added to the Identity Provider portal, and assigned to the Uber for Business application.
- If you have created multiple organizations with Uber for Business, you will need to specify which organizations you want to enable for Admin/Coordinator SSO.
¶ Steps to enable Admin/Coordinator SSO
To enable single sign-on (SSO) for admins/coordinators in your organization, please contact your Sales Manager.
As part of the SSO request, you will need to share the following details with your sales manager or business API support agent. Your IT administrator should be able to help with these details.
1. Organization’s name or UUID
2. Email domain
3. Identity provider (IDP) sign-in URL
4. IDP public key (X509 Certificate / Base64 Certificate)
5. IDP Metadata file URL (can be shared instead of requirements 3 and 4)
Details on how to get this info can be found here
Next, you must verify domain ownership by updating a DNS record on your domain provider’s website. Your account manager or support agent will provide you with a verification string to be updated on the domain record to complete this step. Please seek assistance from your IT administrator if needed.
Once this step is completed, confirm it back to your sales manager or support agent. They will then get SSO enabled for your organization and send a confirmation to you.
All admins/coordinators will receive a welcome email and SSO enablement will be complete for your organization. For more information about the sign-up experience for admins, please see below.
¶ Sign-up experience for Admins/Coordinators
After an organization is enabled for SSO and a user is added as an admin/coordinator to the Uber for Business dashboard using their work email ID, there are two sign-up flows depending on the circumstances:
- If the user’s work email ID is available to create a business account and has not been used to create an Uber account before, a business account will be created for them with SSO settings. The user will receive a welcome email, log in through IDP using SSO, and review and accept the T&Cs for the new business account (a one-time step).
- If the user already has an Uber account with their work email ID, they will be prompted to choose between two options to create a business account:
  - Option 1: Update their current Uber account’s email address to a personal one for personal use, freeing up the work email ID. An auto-created and activated business account with the work email ID will have SSO enabled.
  - Option 2: Transfer the existing Uber account to a business account. They could create another Uber account with a personal email address for personal use.
¶ Implications of converting a personal account to a business account
It’s important to note that converting a current Uber account to a business account means that the account will be managed by the organization. The organization will have access to all activity and data on the account, including details of past and future Uber trips and meals of the user. Converting the account to a business account is irreversible and should be at the individual user’s sole discretion.
Note: After receiving an email to select one of the above options, the user will log in through IDP using SSO and review and accept the T&Cs for the new business account (a one-time step). For Option 2, this step will be skipped as the T&Cs were already accepted when the Uber account was first created, although the user will need to affirmatively consent to the account conversion.
¶ Business account in Uber for Business
- A business account is an account managed by an organization and solely used for business purposes.
- It is separate from personal accounts and managed by the organization for activating features such as single sign-on, password reset, and two-factor authentication. When an employee leaves the organization, their access to the account is automatically revoked upon removal from the organization’s IDP.
- All trip data taken via a business account will be available to the organization through the Uber for Business dashboard even if the employee leaves. Employees still have data subject rights and can contact Uber support for any past data from their business account if needed in the future.
- Currently, regular trips or meals cannot be accessed using your Uber app through a business account. However, enhancements that will enable this for SSO-enabled admins are imminent.
Note: Any admin accounts that used an email address (official or personal) and password to log in to the business dashboard before SSO was enabled are considered personal accounts.