Single sign-on (SSO) is a method that allows users to access multiple applications with only one authentication. Users log in to their Identity Provider and the Identity Provider manages the connection to other tools.
In this article:
- Why use SSO
- How SSO works on Supermood
- Setting up SSO
Why use SSO
Logging in via SSO has a number of benefits:
- on the employee side, there is no need to remember, write down or lose an extra login and password - logging in to the corporate identity provider is enough;
- on the company side, you increase your security by reducing the risk of weak or written down passwords.
However, it does require that:
your company has an identity provider;
employees are configured in the identity provider with exactly the same email address as the one in their Supermood profile.
How SSO works on Supermood
You are going to enable SSO on Supermood for specific domain names such as "your-company.com".
Once done, employees with email addresses matching these domains will need to log in to the identity provider to access Supermood.
If there are users whose email domains are different from the SSO configuration (as may be the case for consultants, for example), they will be able to log in using the classic method: email and password.
Finally, employees who do not have an email address will still be able to log in with their ID and password if you have set it up.
Setting up SSO
Step 1: Requesting a test account
To ensure a smooth and surprise-free implementation, the safest thing to do is to give your IT department access to a test account. They will then be able to adjust the configurations on their side without risking to disrupt the existing accesses.
To do this, send your request for a SSO test account to firstname.lastname@example.org, along with the names and email addresses of the people who will need access to it. Typically, this will be the Supermood project manager (the primary administrator), and the person responsible for implementing SSO in your company.
Step 2: Setting up SSO
Once your SSO test account has been created by the support team, here are the steps to follow.
- Login to Supermood-Preprod and select the "Test SSO" account.
- Go to My account > Settings > Authentication and click the "Add SAML 2.0 configuration for a domain" button.
- Enter the domain that your company uses.
If you use several domains (for example: supermood.com, but also supermood.fr, or external-supermood.fr, etc.), you will have to add them separately.
Fill in your identity provider's metadata in XML format - either by pasting the metadata directly, or by providing a URL where they are hosted (as XML too).
💡 Note 1: the technical documentation required by your IT can be found just below the fields to fill out.
💡 Note 2: We advise you not to activate Just-In-Time provisioning, which will have the effect of directly adding co-workers without assigning them all the data needed to analyze your results.
- You can now test the SSO login by signing out and signing back in, with an email address that is both valid in your identity provider and in Supermood.
Step 3: Deploying SSO
Once the SSO connection is functional on the Test account, you will be able to apply the same configuration to your main account.
Your test account will be automatically deleted one month after its creation.
That's it! You and your colleagues can now log in to Supermood with one click and without having to remember a password. 🎉
Any doubts or questions? Let us know at email@example.com - we'll be happy to help! 💁♀️