Seamless Authentication and Zero Login into My1Login
There are a three different ways you can initiate seamless authentication and zero login into My1Login where users have already been authenticated with Entra or Active Directory. This document outlines the different approaches and their respective benefits and considerations.
The below instructions outline how each option can be configured:
1. Using the Query String and Browser Plugin
A query string is a part of a URL that tells the extension which My1Login account to be directed to log into.
Administrators on My1Login can locate the account query string via their My1Login admin portal > Security > API Key Management.
This is configured by the administrators of the account by setting the user's home page on the browser and appending the query string to it. For example, https://www.google.co.uk/?m1l=YXU3EO. These can be centrally deployed via Group Policy or Intune.
When the user opens their browser the My1Login extension will read the query string and subsequently open another tab to authenticate the user with My1Login.
2. Using a Direct Login URL
A DirectURL allows users to initiate seamless authentication with My1Login.
The Direct Login URL is unique to every customer. An example of a direct login URL can be seen below:
To configure this, a user's homepage or a second tab can be set to the direct URL. This can be centrally deployed via Group Policy or Intune.
3. Using a "Hidden" Bookmark
A Bookmark can be stored in the user's browser containing a URL allowing the browser extension to initiate the authentication of the user without the need for any user interaction.
To configure this, a bookmark should be added containing the account query string. The bookmark should be called “My1Login SSO” and the URL should be a valid domain appended with the customer's SSO query string. See below example:
This can be stored in any location within the browser's bookmark structure.
The query string for the customer account can be found in the My1Login admin portal > Security > API Key Management.
This can be centrally deployed via Group Policy or Intune.
Related Articles
Troubleshooting: No seamless SSO Authentication
If users are not being automatically authenticated with My1Login when logging on to a network joined device, quick checks: The extension is installed on the browser in use. The account short code (query string) present at the end of the homepage URL. ...Deploying My1Login Extension via Group Policy
1.1 Use Just One Group Policy For simplicity in administering group policies we suggest that all My1Login related settings are made in the same group policy (e.g. “My1Login SSO”). However, this is merely a suggestion, we recognise that some products, ...How the browser extension works
The My1Login browser extensions work by either: Connecting to the company Active Directory or Entra Directory Storing the client-side encrypted credentials on the My1Login cloud server The job of the browser extensions is to search webpages for login ...