What sign on methods are available?

For employee login we support the following sign on authentication methods:

  • System Account (email & password)

  • Single Sign On (SAML)

 

System Account

  • This is the default method for logging in as an employee
  • When you add an employee, they are emailed a registration link
  • Upon clicking this link they must set a password, and on any future visits they enter their email address and the password to login
  • By default, password security is set to Medium (which is a minimum of 8 characters including at least 1 number, 1 lowercase and 1 uppercase character) and passwords expire every 365 days

Note

If you want to set a higher security level and/or expire passwords more frequently then go to System Settings, Sign On and click Settings next to System Account

 

As well as logging in using an email and password, you can also allow your employees to login with one of their existing accounts:

    • Slack
    • Office 365 (AzureAD)
    • G Suite (Google)
  • To enable any of these existing account login methods, tick the required box(s) on the System Account Settings page
  • Once enabled, a button will be shown on the login page that will let them login using their existing account (Slack, etc.)
  • This does not affect their ability to login using their System Account (e.g. username and password)

Note

The email address in the existing system MUST match the email address used in our system

 

Single Sign On (SAML)

Security Assertion Markup Language (SAML) is a standard for logging users into applications based on credentials from another system. This Single Sign On (SSO) login standard has significant advantages:

  • No need to type in separate credentials
  • No need to remember and renew multiple passwords
  • Less chance of weak passwords or password re-use
  • Passwords are not stored in our system so cannot be compromised

Most organisations already know the identity of their users because they are logged into their computers using Active Directory or they use a cloud identity provider (e.g. Office 365, OKTA, etc.). It therefore makes sense to use this centrally managed information to log users into other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML.

 

SAML SSO setup guides

Below you will find our SAML setup guides.  If you don’t see your provider please use the Generic guide.

 

FAQs

Can I have both System Account and SAML SSO sign on methods enabled at the same time?

No.  If you enable Single Sign On (SAML), it will automatically disable the System Account login, and vice-versa.

Do I have to setup and manage an internal Identity Provider server?

No.  You can use any Identity Provider that supports SAML 2.0 whether its local/internal (e.g. Microsoft ADFS) or based in the cloud (e.g. Office 365, OKTA, etc.).

I can't see my SAML Identity Provider in your list?

We are always looking to improve our SAML setup guides.  If you would like to suggest an additional provider, please contact support. However, as long as your Identity Provider supports SAML 2.0 you should be able to set them up using the Generic guide.

Was this article helpful?

1 out of 1 found this helpful

Comments (0 comments)

Article is closed for comments.