National Crime Check supports single sign-on (SSO) using any SAML 2.0 identity provider.

An example of some common providers include Azure AD, CyberArk, JumpCloud, Okta, OneLogin, and Ping Identity. If your SSO provider is not listed here, you can still use single sign on as long as your provider supports SAML version 2.0.

SSO operates alongside the existing user logins. Both can be used concurrently. After turning on SSO, it's advised that clients should then deactivate their existing logins once they have verified the new connection is operating correctly. It's also suggested to maintain a few "break glass" accounts with staff permission, to facilitate management of the SSO configuration if required.

Single Sign-On connections support these features:

• SP-initiated SSO -- login from the NCC website
• IdP-initiated SSO -- login to NCC from your identity provider portal
• Just-In-Time provisioning
• Multiple roles and permission sets