Single Sign-On
Supplementary Terms

Effective Date: February 18, 2025 

These Single Sign-on (SSO) Supplementary Terms (“SSO Terms”) supplement and form part of Decipher Credit Solutions, Inc. (“Decipher Credit”) Customer Terms of Service (“Customer Terms”), available at Decipher Credit Terms. By enabling or using SSO to access Decipher Credit’s services (the “Services”), you (“Customer”) agree to these SSO Terms in addition to the Customer Terms. In case of conflict, these SSO Terms will govern SSO-related matters.

1. Definitions

1.1. Single Sign-on (SSO): A method of authentication that allows a Customer’s authorized users to access Decipher Credit’s platform using credentials from a third-party identity provider (“IdP”).

1.2. Identity Provider (IdP): A third-party authentication service that Customer integrates with Decipher Credit’s Services to facilitate SSO login.

1.3. Authorized Users: Employees, contractors, or agents whom the Customer has granted permission to access the Services via SSO.

1.4. Microsoft Office 365 Add-ins: Decipher Credit-developed software extensions that operate within Microsoft Office 365 applications, which may utilize SSO to provide seamless authentication and interaction with Decipher Credit’s platform. An integration with Microsoft Entra ID (formerly Azure Active Directory) may be used to provide authentication and access management between Office 365 apps and Decipher Credit’s platform.

1.5. Customer Account: The Customer’s Decipher Credit account configured for SSO authentication.

2. SSO Integration and Responsibilities

2.1. SSO Configuration & Supported Providers:

• Customer is responsible for configuring and maintaining the integration between its chosen IdP and Decipher Credit’s Services.
• Decipher Credit supports SSO via industry-standard protocols such as OAuth, subject to compatibility with the IdP.
• Decipher Credit reserves the right to add or discontinue support for specific IdPs at any time.
• For Microsoft Entra ID integration, Customer acknowledges that authentication may be managed through an Azure App that Decipher Credit provides.

2.2. Access Control & Security:

• Customer is solely responsible for managing user authentication and authorization within its chosen IdP.
• Customer must ensure that only Authorized Users can access the Services via SSO and must revoke access when necessary.
• Decipher Credit is not liable for unauthorized access resulting from Customer’s:
  
  • Misconfiguration of the IdP,
  • Security breaches within the IdP, or
  • Failure to manage user credentials properly.

2.3. Office 365 Add-ins & SSO

• If SSO is used to facilitate access to Decipher Credit’s Office 365 Add-ins, Customer acknowledges that authentication data may be shared between Decipher Credit’s platform and the Add-ins.
• Customer agrees that Decipher Credit is not responsible for authentication failures due to Microsoft system outages or changes in Microsoft authentication policies.

2.3. Data Sharing and Processing:

• By enabling SSO, Customer authorizes Decipher Credit to rely on authentication data provided by the IdP.
• Customer acknowledges that Decipher Credit does not store, manage, or control IdP login credentials.

3. Service Availability & Support

3.1. Availability:

• Decipher Credit does not guarantee uninterrupted access via SSO. Service interruptions due to IdP downtime, misconfigurations, or third-party issues are outside Decipher Credit’s control.

3.2. Technical Support:

• Decipher Credit provides standard support for SSO integration, but is not responsible for troubleshooting issues within the Customer’s IdP.
• Customer may be required to disable SSO temporarily for issue resolution.

4. Compliance & Data Security

4.1. Compliance with Laws & Policies:

·       Customer is responsible for ensuring that its use of SSO complies with all applicable laws and regulations, including but not limited to:

• • General Data Protection Regulation (GDPR),
  • California Consumer Privacy Act (CCPA),
  • Any other applicable data privacy laws.

4.2. Security Obligations:

• Customer is responsible for implementing security best practices within its IdP to protect access to Decipher Credit’s Services.
• If Decipher Credit detects suspicious SSO activity, it may temporarily disable SSO access and require Customer to take corrective actions.

5. Suspension & Termination

5.1. Suspension of SSO Access:

• Decipher Credit may suspend or restrict SSO access if it determines that:
  
  • The Customer’s IdP integration poses security risks,
  • The Customer violates these Terms, or
  • There is evidence of unauthorized access or fraudulent activity.

5.2. Termination:

• Customer may terminate the use of SSO upon:
  
  • Any Customer’s user modifying their access configuration.
  • Customer’s written notice to terminate all Customer’s SSO provided that SSO services are provided without a Service Level Agreement and are not part of any other contractual obligation specific to SSO Services.
• Decipher Credit may terminate at any time the use of SSO upon written notice; provided that SSO is not specifically and directly included as part of any current and good standing Service Level Agreement between Customer and Decipher Credit.
• Termination of SSO does not affect the Customer’s broader obligations under Decipher Credit’s Customer Terms.

6. Limitation of Liability

• Decipher Credit is not responsible for any damages, losses, or liabilities arising from:
  
  • IdP failures, misconfigurations, or service disruptions,
  • Unauthorized access caused by Customer’s SSO implementation,
  • Any IdP authentication system failures.
• In no event shall Decipher Credit’s liability under these SSO Terms exceed the fees paid specifically for SSO-related features, if any, in the preceding 12 months. 

7. Amendments

Decipher Credit may update these SSO Terms periodically. Continued use of SSO after such updates constitutes Customer’s acceptance of the revised terms.