For employee login we support the following Sign On methods:
- System Account (email & password)
- Single Sign On (SAML)
This is the default method for logging in as an employee. When you add an employee they are emailed a registration link. Upon clicking this link they must set a password, and on any future visits they enter their email address and the password to login.
By default, password security is set to Medium (which is a minimum of 8 characters including at least 1 number, 1 lowercase and 1 uppercase character) and passwords expire every 365 days. If you want to set a higher security level and/or expire passwords more frequently then go to System Settings > Sign On and click Settings next to System Account.
As well as logging in using an email and password, you can also allow your employees to login with one of their existing accounts. We support the following:
- Office 365 (AzureAD)
- G Suite (Google)
To enable, you just tick the required box on the "System Account" settings page. Once enabled, a button will be shown on the login page that will let them login using their existing account (Slack, etc.).
This does not affect their ability to login using their "System Account" (e.g. username and password). Please Note - the email address in the existing system MUST match the email address used in our system.
Single Sign On (SAML)
SAML stands for Security Assertion Markup Language and is a standard for logging users into applications based on credentials from another system. This Single Sign On (SSO) login standard has significant advantages:
- No need to type in separate credentials
- No need to remember and renew multiple passwords
- Less chance of weak passwords or password re-use
- Passwords are not stored in our system so cannot be compromised
Most organisations already know the identity of their users because they are logged into their computers using Active Directory or they use a cloud identity provider (e.g. Office 365, OKTA, etc.). It therefore makes sense to use this centrally managed information to log users into other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML.
Below you will find our SAML setup guides, if you don’t see your provider please use the Generic guide.
- SAML Setup Guide (Office 365/AzureAD)
- SAML Setup Guide (OKTA)
- SAML Setup Guide (G Suite)
- SAML Setup Guide (OneLogin)
- SAML Setup Guide (PingOne)
- SAML Setup Guide (ADFS)
- SAML Setup Guide (Generic)
Can I have more than one Sign On method enabled at the same time?
No, if you enable "Single Sign On (SAML)" it will automatically disable the "System Account" login. If you use Single Sign On it is more convenient to login but it also means we do not need to store any passwords in our system which means it is much more secure.
Do I have to setup and manage an internal Identity Provider server?
Of course not, you can use any Identity Provider that supports SAML 2.0 whether its local/internal (e.g. Microsoft ADFS) or based in the cloud (e.g. Office 365, OKTA, etc.).
I can't see my SAML Identity Provider in your list?
We are always looking to improve our SAML setup guides. If you would like to suggest an additional provider, please contact support. However, as long as your Identity Provider supports SAML 2.0 you should be able to set them up using the Generic guide.