Skip to main content
All CollectionsSupport GuideSecurity & Privacy
How to setup Single Sign-On (SSO)
How to setup Single Sign-On (SSO)

Learn about SSO, how it can helps, and how to set it up for your company.

Sam avatar
Written by Sam
Updated over a week ago

What is SSO?

Single Sign-On (SSO) allows users to securely access multiple software tools using a single set of login credentials.

They main benefits are:

  • Convenience: Employees only need to remember 1 set of login credentials (instead of hundreds). This simplifies your employee experience, increases productivity and reduces IT support.

  • Security: you can enable MFA and other safeguards via your Identity Provider (IdP). SSO is also a common requirement for obtaining security certifications and compliance.

Which plans support SSO?

SSO is only available to customers on Pro, Premium and Platinum plans.

What is supported?

We support both OIDC and SAML 2.0 protocols. If your company is using a common Identity Provider (IdP) such as Microsoft Azure AD or Okta, the setup process is simple and easy.

Which users are affected by SSO?

When you configure SSO, you'll be prompted to specify which of your domains SSO should be applied to. The domain(s) you specify at this step determines which users will be prompted to login via SSO.

In short, all users who's email contains the domain(s) you've specified in your SSO config will be affected, across the Sitemate product suite, including all Dashpivot and Flowsite workspaces.

How can I setup SSO?

At present, SSO needs to be configured manually with the help of our team. If you'd like to setup SSO, just reach out our team via live chat or email. It typically takes less than 30 minutes to complete the config with your IT administrator.

How can I provision users?

It's not possible to automatically add users to Dashpivot via your Identity Provider (IdP). This wouldn't make sense because Dashpivot uses a folder hierarchy, and offers access and permission controls at each folder level.

So even with SSO enabled, you'll still need to add users to the relevant folders in Dashpivot directly, and set their permissions as normal.

However, with SSO enabled, you'll also need to provision these users inside your IdP, to ensure they can get routed back to Dashpivot once logged in. Without this, users will get blocked when they try to access Dashpivot.

Do you support IdP initiated login?

No. This type of login is inherently less secure than a Service Provider initiated login so we do not support it at this time.

How can I rollout SSO with my team?

Once SSO is configured, the last step is to enable it.

It's important to understand that when SSO is enabled, all users with the relevant domain(s) will be automatically logged out of Dashpivot and will need to login again, this time via your Identify Provider (IdP) eg. Microsoft Azure AD. This means that if someone is filling out a form, or part way through an upload, their work will be lost when they're logged out automatically.

For this reason, we strongly recommend scheduling SSO to be enabled out of hours to minimise disruption to your teams (eg. Thursday 6pm).

We also recommend communicating this with your team in advance to let them know whats happening. See below a standard communication you can use:

Hi there,

We are launching the Single Sign-On (SSO) feature on [date and time]

  • When this happens, you will be automatically logged out of Dashpivot on all devices.

  • To login to Dashpivot you'll be prompted to login to your company Microsoft account

  • This will occur on the Dashpivot website and in Dashpivot mobile app

  • Please make sure you have saved your work before this time, as any work in progress will be lost when SSO is switched on.

If you have any trouble logging in please contact [IT admin name] for support

Additional notes

  • Users will still login to Dashpivot via the normal Sitemate Auth login page. They will only be redirected to your Identity Provider (IdP) after they enter their email and click continue. Our system will detect if SSO is enabled for the user and route accordingly. If SSO is not enabled, a password field will be revealed and the user can login normally (not via an IdP).

  • SSO support was introduced in Dashpivot app version 23.3. So when SSO is enabled:

    • Users on app version 20.7 or later will be forced to update to the latest version.

    • Users on an older version wont be able to continue using Dashpivot unless they manually update.

How does SSO affect Visitor Users?

Dashpivot supports external visitor access, which allows people outside your organisation to access Dashpivot. These visitors will not be affected by SSO, as SSO is linked to the email domain(s) your organisation controls (ie. internal users only).

We recommend reviewing visitor user access regularly, and removing visitors who no longer require access.

If you'd like to enable SSO for visitors, there are only 2 ways to achieve this:

  • Issuing guest email addresses via your IdP which use your company's domain (these users will be counted as internal users using this method, which may have commercial implications on your subscription).

  • If the visitor company also has Dashpivot, they can enable SSO on their side. However, enforcement with this method falls outside your control.

If you have questions about SSO, please reach out to our team via live chat πŸ‘‹

How does SSO affect Sitemate app users?

SSO does not affect users of the Sitemate app. While users can submit forms via the Sitemate app into Dashpivot, users do not have access directly into Dashpivot and hence are not affected by SSO.

Can I turn off SSO?

Yes, it's possible to turn off SSO or modify the domains associated with your SSO connection. This is also a manual process, so please contact our team to process the changes at your nominated time and date.

When SSO is turned off, all of your users will need to reset their Dashpivot password via the login page (their old password will not work).

Did this answer your question?