Setting Up SSO

SSO (Single Sign-On) allows participants to access Momenta using their organization’s credentials. Instead of creating a separate login, they authenticate through their corporate identity provider (e.g., OneLogin, Okta, Microsoft Azure).

This is typically done during the same phase as platform approval but may proceed in parallel.

BTS Contacts

• NAM: Jonathan Chen
• EUR: Trina Sarkar
• MOW: (TBD)

Client-Side Contacts

• InfoSec or IT contact who manages their SSO provider
• They will configure certificates, metadata, and SSO attributes
• They will also test and troubleshoot access during setup

1. Project Lead confirms that SSO is required (included in the Journey Build Form)
2. Introduce BTS SSO Setup contact to the client IT team
3. BTS SSO contact gathers required info from the client:
   • SSO metadata
   • Certificates
   • User attribute mappings
4. BTS updates configuration inside the Client Collection in Momenta
5. BTS sets up an AWS S3 folder and preps the login setup
6. Share configuration back to client IT for their SSO platform
7. Conduct live testing with both sides involved
8. Confirm readiness with project team
9. Journey builder sets the login page

The way SSO is configured affects user creation, login, and self-registration capabilities. There are three main flows:

Open Flow (Preferred)

• All users in the client org can access Momenta via SSO
• BTS manages content access, not the client
• Best for large rollouts or self-registration setups

Restricted SSO (Not Preferred)

• Client controls who can log in to Momenta
• Limits flexibility for cohort expansion or self-registration

Restricted + Journey-Specific (Avoid)

• Separate SSO config for each journey
• High maintenance and risk of user confusion

• Participants visit: https://clientname.btsmomenta.com
• They are redirected to the client’s SSO page
• After logging in, they land on their journey homepage
• If they are in multiple journeys, they choose one from a dropdown

Optional: Cohort-Based Self-Registration

• You can configure a unique link per cohort that:
  • Creates the user upon first access
  • Auto-enrolls them into a specific cohort
• Be cautious with multiple programs — misdirected users are difficult to correct later

Preferred Flow: Open SSO Access

All users in the client org can access Momenta. BTS manages which journeys or cohorts they are assigned to.

Avoid These Flows:

• Client restricts login access within their SSO tool
• Each journey has a separate SSO config (high friction)

Reminder: This is not the same as platform approval. You may need InfoSec clearance before starting, but setup can run in parallel.

Visual Aids