Sign On Overview¶
For employee login we support the following Sign On methods:
- System Account (email & password)
- Single Sign On (SAML)
This is the default method for logging in as an employee. When you add an employee they are emailed a registration link. Upon clicking this link they must set a password and on any future visits they enter their email address and the password to login.
By default passwords security is set to Medium (which is a minimum of 8 characters including at least 1 number, 1 lowercase and 1 uppercase character) and passwords expire every 365 days. If you want to set a higher security level and/or expire passwords more frequently then go to Settings > Sign On and click Settings next to System Account.
3rd Party Sign On¶
As well as logging in using an email and password you can also allow your employees to login with one of their existing accounts. We support the following:
- Office 365
- G Suite (Google)
To enable, you just tick the required box in the system account settings page. Once enabled your employees will be shown the selected login options which will redirect them to the 3rd party login. Once authenticated they will then be automatically logged into our system.
The email address in the 3rd party system must match the email address used in our system.
Single Sign On (SAML)¶
SAML stands for Security Assertion Markup Language and is a standard for logging users into applications based on credentials from another system. This Single Sign On (SSO) login standard has significant advantages:
- No need to type in separate credentials
- No need to remember and renew multiple passwords
- Less chance of weak passwords or password re-use
- Passwords are not stored in our system so cannot be compromised
Most organisations already know the identity of their users because they are logged in to their computers using Active Directory or they use cloud identity provider (e.g. Office 365, OKTA, etc.). It therefore makes sense to use this centrally managed information to log users in to other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML.
Below you will find our setup guides, if you can’t see your provider please use the generic guide.
Can I have more than one method enabled at the same time?
No, if you enable Single Sign On (SAML) it will automatically disable the System Account login. If you use Single Sign On it is more convenient to login but it also means we do not need to store any passwords in our system which means it is much more secure.
Do I have to setup and manage an internal Identity Provider server?
Of course not, you can use any Identity Provider that supports SAML 2.0 whether its local/internal (e.g. Microsoft ADFS) or based in the cloud (e.g. Office 365, OKTA, etc.).
I cant see my SAML Identity Provider in your list?
We are always looking to improve our SAML setup guides, if you would like to suggest an additional provider please contact support. However, as long as your Identity Provider supports SAML 2.0 you should be able to set them up using the generic guide.