SSO introduction
Single Sign-On (SSO) allows you to use a 3rd party service to manage the authentication for the Sign In App management portal. Some of the common platforms that are used to manage SSO are Google, Azure, and Okta. Sign In App SSO uses Open ID connect (OIDC) protocol, SAML is not supported. The initial SSO setup needs to be done by Sign In App, follow the instructions below and then contact [email protected] to get started.
Important: SSO is a feature exclusive to the Sign In App Pro plan and can only be set up by customers on this plan.
If you would like to upgrade to the Pro plan please email [email protected]
Sign In App SSO is designed for managing portal admins only. You are not able to manage Companion app users with SSO - you can read more about other ways of managing Companion app users here.
Setup process
To set up SSO on your Sign In App account we need some details.
First, we need the request for the configuration of SSO to come from the primary user on the account - you can find who this is by going to
Manage, scrolling down toPortal users, and the primary user is indicated by the crown icon next to their name. The primary user can either specify themselves as the SSO admin (the user that manages SSO on the account) or another portal user.Next, we need the configuration details for the SSO provider you're using. This will be slightly different for Azure, Google, and Okta.
When registering Sign In App as a application in your SSO platform you may be prompted for a Redirect URL, please use https://my.signinapp.com/login/sso/callback
Send the details from the Azure, Google, or Okta document along with the SSO admin user’s email address to [email protected]. Then we can get started with setting up SSO on your Sign In App account.
Important: Sign In App Single Sign On is triggered by email domain. This means if your organisation has multiple Sign In App accounts SSO must be used across all of the accounts and the SSO administrators must have full access across all accounts. SSO users can be restricted to single Sign In App accounts.
This also means if you have portal users with different email domains to the one SSO has been set up on they will need to continue using Email/Password to log in.
Configure SSO
Once you’ve been set up as an SSO admin, you can manage SSO from the Sign In App portal, go to Manage and then scroll down to the bottom and click Portal users. From there click the button below the Single sign on users section (there will be a logo for the SSO platform you’re using e.g. Google, Azure, or Okta).
SSO users
This section allows you to view the SSO users on your account, you can click the user to manage their individual permissions. Read more about managing users here.
Pending approval
When a user requests to have access to your Sign In App account using SSO they will appear in this list, allowing you to manage all new users from one location.
Settings
You can manage the default permissions that an SSO portal user will get when they’ve been approved.
Setting up SSO for a user
When a user needs access to your Sign In App account using SSO they can visit my.signinapp.com and enter their email address. The system will pick up the domain (what’s after the @) and give them the option to select their SSO login. If this is the first time they’re logging in with SSO, they will be prompted to select the email address they’re trying to log in with.
Within your SSO platform, if you have configured which users should have access to Sign In App, then users without access will be denied when selecting their user. If you don’t have default permissions set up the user will need to select which account(s) they’re looking to gain access to by clicking Request access.
Following this, they’re added to the Pending approval list in the SSO admin section of the Sign In App portal. SSO administrators can then configure their permissions and approve or deny the request.
With default permissions enabled this step is skipped and the user gains access automatically. SSO administrators will also be sent an email notification to let them know a user has requested access.
Managing SSO users
Managing default permissions allows you to set the base permissions that all users within your organisation should have. You can also manage individual users giving you granular control over which users have access to each section of the Sign In App portal.
Default permissions
Default permissions mean that any user in your organisation that tries to access your Sign In App account with a valid email address (one on your domain) will automatically have access to the account(s) with the default permissions enabled.
Depending on your SSO provider, you should be able to set which users will have access to Sign In App - this gives you control over access to Sign In App from within your organisation. When these users go to log in they will be configured with the default permission level.
Important: Some SSO providers may not allow you to manage which users have access to Sign In App. If that is the case, you might choose to disable default permissions so all users with your organisation’s domain don’t have access to the Sign In App portal.
Individual permissions
Some users may need higher or lower permission levels than the default permissions, in this case you’re able to edit each user separately. Click SSO users from the SSO admin section of the portal to see a list of all SSO users configured on your account. Clicking a user will show you their permissions, if you have default permissions enabled then this will be toggled on here. To edit the users permissions you need to toggle Use default permissions off, once you’ve done this you can edit the user’s account and site access, and permission level.
SSO Administrators
As an SSO administrator you’re able to manage user permissions and approve new users. If you want to make another SSO user an SSO administrator, edit the user and toggle Allow this user to manage SSO users ON.
Feedback
If you have any feedback or questions about Sign In App SSO please contact [email protected].