Single Sign-On (SSO) is an authentication method that enables users to access multiple independent software systems with a single set of credentials. Microsoft Single Sign-On (SSO) allows Microsoft users to log into RoomKeyPMS using their Microsoft username and password. Single Sign-On helps reduce the number of passwords users need to manage, which in turn lowers the risk of weak passwords and credential compromises, making it a more secure option overall.
To enable Microsoft Single Sign-On (SSO) Login for RoomKeyPMS, you need to complete the steps outlined below:
- Microsoft Tenant ID: talk to your Properties IT Manager and ask for your company's Microsoft Tenant ID. This ID needs to be provided to RoomKeyPMS Support in order to enable the Microsoft Login feature embedded within RoomKeyPMS.
- RoomKeyPMS Version: Ensure all computers have been updated to Version 11.0.0.40 or higher. This is essential for enabling SSO login functionality.
-
Clerk Email Addresses:
- All Clerks must have their email addresses updated in RoomKeyPMS before activating SSO Login.
- If a Clerk doesn't require SSO login, the SSO Login "Bypass" checkbox must be checked for that Clerk before enabling SSO.
- Third-Party Integrations: Clerks associated with specific third-party integrations (e.g., M3) must have the SSO Login "Bypass" checkbox checked. This should be done before enabling SSO for your property or these integration's will encounter issues attempting to access your properties data once SSO is enabled.
- Unique Clerk Email Addresses: Each Clerk must have a unique email address. The same email address cannot be assigned to multiple Clerks in RoomKeyPMS.
Next Steps:
Before requesting to have SSO activated please review this document in its entirety. If you need assistance with any of the steps or have any specific questions about configuring SSO,feel free to reach out!
Once this document has been reviewed and all conditions have been met, the final step to enable this feature is to reach out to RoomKeyPMS Support ([email protected]) and provide them with your Microsoft Tenant ID.
NOTE: Microsoft SSO login is currently only available on PC users. The release date for MAC users is to be announced (TBA).
Prior to enabling SSO, each Clerk in RoomKey must have their Microsoft email, that is associated with your Tenant ID, assigned to their Clerk Login. The "Email" field will only appear in Version 11.0.0.37 or higher. If SSO is enabled and a Clerk does NOT have an Email assigned, the "Bypass" checkbox must be checked or they will be unable to login to RoomKey.
Only email addresses associated with your Tenant ID should be entered into the Email field. If an email is entered and it is NOT associated with your Tenant ID, the Clerk will encounter the following error when attempting to login using the Microsoft Login button "Email is not associated with Tenant ID. Contact your Manager to confirm correct email to be used."
Should you wish to exempt a Clerk or a 3rd Party System (ie: M3) from using the Microsoft Login when SSO is enabled for your property, proceed to System Configuration -> Clerks, locate the Clerk and check the SSO Login "Bypass" checkbox to disable this login option. The Clerk would then be required to use their RoomKey Login Name & Password in order to login to RoomKeyPMS.
Properties are responsible for ensuring all 3rd Party Logins (ie: M3) have "Bypass" checked prior to going live with SSO.
Once all Clerks have been configured with either an Email or have SSO Login "Bypass" checked, reach out to RoomKey Support ([email protected]) and request that they activate SSO Login for your property. You would need to provide them with your Microsoft Tenant ID in order to enable.
NOTE: RoomKeyPMS Support is unable to locate your Microsoft Tenant ID for you, please consult your properties IT Team should you need assistance in locating this information.
Once RoomKey Support has confirmed that your SSO Tenant ID has been configured, select the "Mircosoft Login" button on the RoomKeyPMS login screen and enter your Email, Password & 2-Factor Authentication (if enabled).
NOTE: The 1st person who attempts to login will be asked to Consent on behalf of the Organization to use the TenantID. Once consent has been given, "RoomKeyPMS" will appear as an Enterprise Application on the properties Microsoft Account. Select "Accept" to continue. Example of message below:
You will now be logged into RoomKeyPMS!
NOTE: You may notice that RoomKeyPMS takes slightly longer to load when logging in via Microsoft Login, this is normal as we are confirming login information with Microsoft prior to completely RoomKeyPMS login.
Below is a list of possible error messages that a Property/Clerk may encounter once SSO has been enabled and what is required to resolve the issue.
| Error Message | Solution |
|---|---|
| Login by Username & Password is not allowed as SSO is active. Microsoft Login button must be used to login. | If SSO is enabled for a property and a Clerk attempts to login using their RoomKey Login & Password, the following message will appear. Clerk must login via the Microsoft Login button or property must select the "Bypass" option for the Clerk to allow them to use their Login & Password instead. |
| Unable to login using Microsoft Login. Contact RoomKeyPMS Support to enable or to verify TenantID if one was already provided. | This message will appear if a Clerk selects "Microsoft Login" but a TenantID has not been configured by RoomKeyPMS Support OR if the TenantID provided is invalid. Property should reach out to RoomKeyPMS Support to provide/verify their TenantID. |
| Email is not associated with a RoomKey Clerk. Contact Manager to update Clerk in RoomKeyPMS. | This message will appear if the Clerk has selected "Microsoft Login" and attempts to login to RoomKey using an email address that has not be associated with a Clerk under System Configuration => Clerks. A manager at the property will need to go to System Configuration -> Clerks and add the Clerks email to their Clerk Login in RoomKey. |
| Microsoft Login is not enabled for Clerk. Login by Username & Password or contact Manager to enable Microsoft Login. | This message will appear if a Clerk has the "Bypass" option enabled and they are trying to login via the Microsoft Login option. Clerk must use their RoomKey Login & Password in order to login OR their manager would need to uncheck the SSO login "Bypass" checkbox located under System Configuration -> Clerks in order for them to login via the Microsoft Login option. |
| Email is not associated with Tenant ID. Contact your Manager to confirm correct email to be used. | This message will appear if a Clerk is attempting to login with an email that is not associated with the provided Tenant ID. The Clerk will need to speak to their Manager/IT Team to confirm the correct email that should be used in order to login. |
| Email is already associated with a Clerk using RoomKeyPMS. | Email address has already been assigned to a Clerk under System Configuration => Clerks. Each Clerk must have a unique email address assigned in order to login via Microsoft Login. |