Articles in this section

See more

Getting Your Employees Connected With SSO

Avatar
Ryan Taylor
  • Updated
Follow

SSO is your one set of corporate credentials that you use to sign in to multiple services or platforms. 

 

Quick Links: 

SSO In General

SSO is a means of logging in to Do Some Good using your employers credentials. It will also allow your IT team to manage which users have access to Do Some Good and which do not, including automatically removing users from Do Some Good who are no longer working with your business. 

Every time a team member connects to your business with SSO they are connected as and employee. If you want a person to be an administrator, have them connect with SSO as an employee and then assign them the permissions you feel are appropriate. 

More details on SSO settings and enforcement levels can be found here

 

Getting New Team Members to Create an Account with SSO

Getting new employees connected with SSO is very simple, give them clear communication that they must use their work email address and the rest will happen automatically. Send your employees to the Do Some Good login page and they can enter their email and press 'Next' or click the 'Connect With Workplace SSO' link. In either case, as long as they use their work credentials a new Do Some Good account will be created for them and linked as an employee to your business. 

NOTE: An new employee might have an existing Do Some Good account from personal use or from a previous employer. If so, they should connect that existing account by following the instructions below. Otherwise a duplicate account could be created. 

 

 

Getting Existing Do Some Good Accounts Connected with SSO

If you started using the Do Some Good platform before your business configured SSO, you very likely have team members who already have Do Some Good accounts that use an email address and password or a social account to log in. It is important to connect these team members with SSO the correct way to avoid duplicate accounts. If a user is not using their work email address and attempts to log in with their SSO credentials, a new Do Some Good account will be created rather than linking the existing Do Some Good account.

Monitoring Which Team Members Have Connected To SSO

Your Team page has multiple tools to monitor which employees are connected via SSO and which are not. 

  • If a team member is connected to SSO, there will be an Azure icon next to the name of the person. If the person is not connected there will be no Azure icon. 

  • There is a column titled 'Work Email' which is the email address that is associated with a connected SSO account. Your team member will likely use this as their main communications email (Email Address column) but it is possible it could be different if the team member chose to use a different address. 
  • There is a column with the label 'External'. External users are those that use an email address that is not one of the officially registered domains with Do Some Good. If you need another email domain registered on Do Some Good, please contact support@dosomegood.ca and we will add it. 
  • If you want to filter and find users based on their SSO status, click the 'Show Advanced Filters' option in your Team list. There is an option to filter by Single Sign-On Status where you can find all users who are connected or not connected. This tool is especially useful when you are attempting to send communications to unconnected users. 

Sending an SSO Connection Request

Once you have identified which of your team members have not yet connected their existing account using the filters mentioned above, you can send an individual a request to connect to SSO by clicking on the triple dot menu next to their row, or a send a request to a group of team members using the bulk actions at the top of the Team list. This notification can ONLY be sent to team members who are not yet connected with SSO and also have a verified email address. 

As an administrator you will have the opportunity to provide a custom message to your team member(s) as well as preview the email communication that will be sent. 

The best feature of this SSO connection request is what we call a 'Magic Link'. When your team member clicks on the link in the email communication, they will immediately be logged in to Do Some Good and be presented with a screen to enter their SSO credentials. It does not matter which email address or login method the person used before or how long it has been since their last visit, the link will always log them in to the correct account. For security reasons this Magic Link is one time use only.

 

What you as an administrator will see when sending the request: 

 

What a team member will see after clicking on the Magic Link: 

Using SSO Enforcement to Connect Existing Users

There are several levels of enforcement you can use to limit the way new team members can connect to your business and which areas they can have access to. More details about those settings can be found here

If you choose the strict enforcement option, any team member who is logged in to Do Some good will see a banner across the top of their Do Some Good screen and they will be forbidden from accessing the team page or management area (administrators only) until they connect their account to SSO. 

 

Best Practices For Connecting Existing Team Members

Connecting new team members to Do Some Good with SSO is quite easy. The harder task is getting large numbers of team members, who may have created a Do Some Good account years ago to connect their accounts to Do Some Good. 

Our SSO Connection Request tool gives you as an administrator a way to ensure that an existing team member logs in with the correct Do Some Good account and avoids creating a duplicate account. This tool is especially helpful when:

  • Your business has been a long term client before configuring SSO. 
  • Your business has gone through a merger or rebranding and multiple email domains have been used. 
  • You have a number of team members that are not using their work email address to log in. 

Although our SSO Connection Request tool is very easy to use, it still requires your team member to take a minute out of their work day to click a link and enter their credentials. Giving your team members some motivation to do this can be very helpful in increasing uptake rate.

Consider advertising a contest to your team members to connect their accounts to SSO. This could take a number of forms: 

  • A weekly draw for all users who have already connected their accounts to SSO. The prize draw could be for a charitable donation, a T-shirt or any appropriate prize you see fit. 
  • A contest between departments, teams or locations. Give a prize to the teams as they get 100% SSO account links. 
  • Offer a prize for every 10th (or 50th or 100th) employee who links their account with SSO.   

 

 

 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.