
SSO & Access Control

Juno provides enterprise-grade authentication and authorization through integration with your identity provider, ensuring secure access while maintaining full control over user permissions.

Single Sign-On (SSO)

Overview

Juno supports SSO through SAML 2.0, OpenID Connect (OIDC), and Active Directory, so authentication follows your existing security standards.

Benefits

Benefit | Description
Seamless Integration | Users sign in with their existing corporate credentials
Enhanced Security | Centralized authentication reduces password-related security risks
Simplified Management | IT administrators manage access through your existing identity provider
Audit Trail | Complete logging of authentication events for compliance

Setting Up SSO

During implementation, your IT team will work with our team to:

  1. Configure Connection: Set up the SSO connection between Juno and your identity provider
  2. Test Integration: Validate the connection with test users before go-live
  3. Map Attributes: Configure user attribute mapping for seamless profile creation
  4. Domain Verification: Verify your organization’s domains for automatic SSO routing

Your Juno implementation team will provide detailed setup instructions and direct support for your IT team during SSO configuration.

Role-Based Access Control (RBAC)

Overview

Juno uses a combination of role-based and relationship-based access control to ensure users only access data and features appropriate to their role.

Built-in Access Levels

Juno provides three primary access levels out of the box:

Organization Admin

  • Access Method: SSO or code-based authentication
  • Scope: Full organizational administration
  • Use Case: Primary administrators responsible for configuring policies, managing users, and overseeing operations

Coordinator

  • Access Method: SSO or code-based authentication
  • Scope: Coordinator-level operations
  • Use Case: Coordinators responsible for inviting and managing travelers

Guest/Traveler

  • Access Method: Code-based authentication
  • Scope: Travel booking and expense submission
  • Use Case: Non-employee travelers submitting expenses and managing bookings

Custom Roles

Beyond the built-in levels, Juno supports fully customizable role creation with fine-grained permissions:

Permission | Description
Reporting | Access reporting and analytics
Travel Management | Invite and coordinate travelers
Trip Oversight | View all organizational trips
User Management | Add/remove users
Configuration | Modify organizational settings
Financial | Manage payment accounts
Universal Approval | Override approval workflows
User Administration | Comprehensive user management

Creating Custom Roles

Custom roles are configured by a Juno account manager. Contact your account manager to request one.

Security Features

Session Management

  • Secure Cookies: Session tokens stored in secure, HTTP-only cookies
  • Session Refresh: Automatic token refresh for a seamless experience
  • Organization Context: Sessions tied to specific organizational contexts
  • Timeout Policies: Configurable session timeout based on organizational policies

Audit and Compliance

  • Authentication Logging: Complete audit trail of all authentication events
  • Permission Changes: Tracked and logged permission modifications
  • Access Attempts: Failed authentication attempts logged for security monitoring
  • Integration Events: SSO connection events monitored and recorded

⚠️ Changes to user permissions may take up to 5 minutes to propagate throughout the system due to caching optimizations.

Best Practices

Role Design

  1. Principle of Least Privilege: Grant only the minimum permissions required for each role
  2. Regular Review: Periodically audit user permissions and remove unnecessary access
  3. Separation of Duties: Avoid combining conflicting permissions in single roles
  4. Clear Naming: Use descriptive role names that clearly indicate their purpose
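
One way to apply the role design practices above during a periodic review, as an added example that is not Juno code: the permission names come from the Custom Roles table, while the role-to-permission mapping format, the conflict pairs, the size threshold, and the sample roles are all assumptions to replace with your own policy.

```python
# Added example (not Juno code). Permission names are taken from the
# Custom Roles table; everything else below is an assumption.
KNOWN_PERMISSIONS = {
    "Reporting", "Travel Management", "Trip Oversight", "User Management",
    "Configuration", "Financial", "Universal Approval", "User Administration",
}

# Assumed separation-of-duties policy: pairs one role should not combine.
CONFLICTS = [
    ({"Financial", "Universal Approval"},
     "manages payment accounts and can override approvals"),
    ({"User Administration", "Universal Approval"},
     "administers users and can override approvals"),
    ({"Configuration", "Financial"},
     "changes organizational settings and payment accounts"),
]

MAX_PERMISSIONS = 4  # assumed least-privilege review threshold


def audit_roles(roles):
    """Return (role, finding) tuples for a {role name: [permissions]} mapping."""
    findings = []
    for name, perms in roles.items():
        perms = set(perms)
        # Typos or retired permissions hide what a role really grants.
        for unknown in sorted(perms - KNOWN_PERMISSIONS):
            findings.append((name, f"unknown permission: {unknown}"))
        # Separation of duties: flag every conflicting pair the role holds.
        for pair, why in CONFLICTS:
            if pair <= perms:
                findings.append((name, f"conflict {' + '.join(sorted(pair))}: {why}"))
        # Least privilege: broad roles get a manual review.
        granted = len(perms & KNOWN_PERMISSIONS)
        if granted > MAX_PERMISSIONS:
            findings.append((name, f"broad role: {granted} permissions"))
    return findings


# Constructed sample roles for illustration only.
SAMPLE_ROLES = {
    "Travel Desk": ["Travel Management", "Trip Oversight"],
    "Finance Ops": ["Financial", "Reporting"],
    "Super Approver": ["Financial", "Universal Approval", "Reporting"],
    "Legacy Admin": ["Configuration", "Financial", "User Administration",
                     "Universal Approval", "Reporting", "Approvals"],
}

if __name__ == "__main__":
    for role, finding in audit_roles(SAMPLE_ROLES):
        print(f"{role}: {finding}")
```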

User Management

  1. Automated Provisioning: Leverage SSO attribute mapping for automatic user provisioning
  2. Offboarding Process: Ensure prompt access removal when users leave the organization
  3. Regular Audits: Conduct periodic access reviews to identify and remove stale accounts
  4. Training: Ensure users understand their permissions and appropriate usage

Troubleshooting

Common SSO Issues

  • Connection Failures: Verify domain configuration and certificate validity
  • Attribute Mapping: Check user attribute mapping between identity provider and Juno
  • Permissions Not Loading: Clear browser cache and verify role assignments

For additional support with SSO configuration or access control issues, contact your Juno account manager or implementation specialist.
