As an account owner or administrator, you can ensure users sign in to your account securely with SSO. For this, you must enable the Require SSO setting in the Users tab. The Users tab is visible only for an account owner or administrator.
Note
You must enable Require SSO for each user individually. However, if you're inviting multiple (new) users to the same role in a single invitation, then you can enable SSO for them together.
Important
Read Scenarios to consider when requiring SSO . Your users must be made aware that they must set Use this account for SSO in the Security tab of their profile in the Celigo platform before or when they sign in. Only when this is done, the account is linked to SSO, and the credentials of the account are matched with the SSO provider account when the user signs in.
Caution
When Require SSO is enabled for account sign-in, if users do not set Use this account for SSO, they will run into access issues.
-
New account user – first-time platform access: When you're inviting a user who is accessing the Celigo platform for the first time, let's say, a new employee, to your organization account with the Require SSO setting enabled, then Use this account for SSO is automatically set for the user. There is no action required by the user.
-
New account user: When you're inviting a user who has already signed in to the Celigo platform, let's say as a free trial user, to your licensed organization account with the Require SSO setting enabled, the user must click the link in the invitation mail to sign in the first time using email ID and password then set Use this account for SSO before signing out.
Tip
You can assign limited access, for example only monitor access to any essential integration initially till the user successfully signs in with SSO.
-
Existing account user: Before enabling the Require SSO setting for any existing user in your account, make sure that the user has set Use this account for SSO.
-
Sign in to the Celigo platform with account owner or administrator credentials.
-
Click the avatar icon in the upper right corner, then click Users.
-
The Users tab opens.
-
Based on whether you want to require SSO sign-in for an existing user or a new user, follow these steps:
Existing user
New user
-
Click + Invite user.
-
In the Invite user window, enter the user's email ID. (You can invite multiple users to the same role in a single invitation.)
-
Select the role and permissions for the user. If you want to get a better understanding of roles and permissions, see manage account and integration permissions.
-
Enable the Require SSO setting.
-
Click Invite.
Now, when you view the list in the Users tab, you'll see the user has been added to the list and Require account SSO? is enabled as shown.
The new account user must select this account for SSO (if it's not automatically set) and successfully sign in. Then the following SSO field gets updated in the dashboard.
Column (read-only)
What it means…
Account SSO Linked?
This column indicates whether the user has successfully signed in to the Celigo platform using the account SSO. When the user has successfully signed in to the account with SSO, then the field displays
yes
. Otherwise, the field displaysno
.
-
Sign-in issues will occur for the following reasons:
-
A new user (not, a first-time platform user) has not set Use this account for SSO before signing out the first time.
-
An existing user has not set the Use this account for SSO before signing into the account with SSO for the first time.
Here's the workaround:
-
Admin: Disable the Require SSO setting for a user who has run into an SSO access issue.
-
In the bottom right corner click Account > Users.
-
The Users tab opens.
-
Select the user and disable the Require SSO setting.
-
-
Admin: Inform the user to sign in to the account using email ID and password and set Use this account for SSO.
-
User: Inform the admin that Use this account for SSO has been set.
-
Admin: Enable Require SSO setting for the existing user to sign in securely.
-
Admin: After the user successfully signs in with SSO, check if Account SSO linked? displays
yes
.
Tip
You can use APIs to view and update user access.
Comments
Please sign in to leave a comment.