Single Sign On


Single Sign-On (SSO) for NebulaCRS

Introduction to SSO

Single Sign-On (SSO) is a secure authentication method that allows you to access multiple applications and systems using one set of login credentials (your company username and password).

Instead of remembering unique passwords for every service, you log in once to your company's central system (such as Microsoft or Google), and SSO handles your access across all connected platforms, including NebulaCRS.


Legacy Username and Password

The legacy username and password for eRes and NebulaCRS will still work. On the new modules, click the HTI logo to go to the screen where you can log in with a username and password. For eRes, you will still need to use a username and password.


Configuration and Initial Sign-Up

The SSO process requires a one-time sign-up to link your NebulaCRS user profile with your central company login credentials.

Admin/Supervisor Setup (System Administrator Tasks)

  1. Create or Update User: Create a new user or update an existing user profile within NebulaCRS. (Refer to article).
  2. Assign Company Email: Ensure the user profile has a valid company email address assigned. This email address is the critical link for SSO.
  3. Optional Invitation: Click the 'Invite User' button to send an invitation email.

End-User Sign-Up Process (User Tasks)

  1. Follow Invitation: If you received an invitation email, click the link inside and select the Sign Up option.
  2. Match Email: During the sign-up process, you must use your company email address that was assigned to you in NebulaCRS.
  3. First Login: Once the sign-up is complete, you can log in to the connected NebulaCRS modules using the dedicated "Organisations Login" option (e.g., "Login with Google" or "Login with Microsoft").


Warning
Please Note

  1. Email Requirement: You must have a valid company email address assigned to your NebulaCRS profile.
  2. Legacy Password Requirement: A password still needs to be assigned to your user account within the NebulaCRS system. This password is required for Legacy Login modules (see supported modules below) and for Supervisor Override features. 

How SSO Works

  1. User accesses the NebulaCRS application and selects the SSO login option.

  2. NebulaCRS redirects the user to the SSO provider for authentication.

  3. The SSO provider verifies credentials and sends an authentication token back.

  4. The user is granted access to NebulaCRS (and other connected apps) without logging in again.

Security Authentication

The SSO system checks your credentials against a Central Identity Provider (IdP), such as Microsoft or Google Workspace.

To enhance security, your IdP may require extra verification steps before the token is issued. These are known as Multi-Factor Authentication (MFA) and may include:

  • Two-Factor Authentication (2FA): Entering a one-time code sent to your phone or generated via an authenticator app.

  • PIN or Security Questions: Answering a personal security question or entering a personal identification number.

  • Device or Location Verification: Checking if you are logging in from a recognized device or location.

These steps are managed by your central IT department, not by NebulaCRS directly.


Supported CRS Modules and Legacy Access

Not all NebulaCRS applications support SSO.

Login Type | Supported Modules | Notes
SSO Login | NebulaCRS Admin | Use the applicable sign in option
SSO Login | Call Center Reservations | Use the applicable sign in option
SSO Login | Booknow 2.0 Content Manager | Use the applicable sign in option
Legacy Login | eRes | Requires your NebulaCRS legacy username and password.
Legacy Login | Old Booknow Content Manager | Requires your NebulaCRS legacy username and password.

Supervisor Override: Supervisors using override features must still log in with their legacy NebulaCRS account for the override action. The current SSO configuration does not support concurrent sessions (logging in with multiple accounts) or multi-account sign-in within the same browser session.


Login Screens:

NebulaCRS Login Screen



Call Center Login Screen


Booknow 2.0 Content Manager



For IT Administrators

IT administrators must apply additional permissions within the applicable central identity platform to allow the nebulaone application access.

Identity Provider (IdP) | Required Action | Support Reference
Microsoft Entra ID | Allow app nebulaone. Users will see an error message if permission is not granted (a specific error screen, often requesting admin consent). | Microsoft Help Center
Google Workspace | Allow app nebulaone. Users will see a specific permission error screen if access is denied. | Google Workspace Help
Apple | Allow nebulaone access within your Apple Account | Apple Support
*HTI is not responsible for third-party forums. Linked articles are provided for troubleshooting convenience only.

Microsoft

Microsoft Entra ID (formerly Azure Active Directory)

Allow app nebulaone. If permission is not granted, users will be presented with the message below:


For further assistance, refer to Microsoft Help Center


Google Workspace

Allow app nebulaone. If permission is not granted, users will be presented with the message below:



For further assistance refer to Google Workspace Help

Apple

Allow nebulaone access.


For further assistance refer to Apple Support



Troubleshooting


Issue | Potential Cause(s) | Resolution(s)
Invite email not received | Email filtered to spam/trash; incorrect email address in CRS; organisation filtering (e.g., Mimecast). | Check Spam or Trash folders. Check the email address signed up is correct. If your organisation uses Mimecast, allow the email or contact your IT administrator.
Invalid Credentials | Incorrect details entered; attempting to use the Legacy password on the SSO button. | Confirm details are correct. Ensure you are entering your company credentials (not your legacy CRS password) when using the SSO login option.
"We couldn’t find an account with that email." | Email mismatch between CRS and sign-up/login attempt. | Check with your CRS System administrator to confirm the correct email is assigned to your user profile. Ensure you are using the correct company email address to sign in.
New user created, not able to sign in but did Sign Up | The user account is missing the required legacy password. | The user must have a password assigned in NebulaCRS to complete the full linking process, even if they only use SSO going forward.
Login “stuck” in loop | URL is pointing to apps.hti-systems.com | Update the URL that has been bookmarked to nebulacrs.hti.app

