SSO (Single Sign-On) is a method of signing your users into a platform with an existing user base that your organization already has (e.g. Microsoft, Google). Using SSO can ensure a flawless login process for your organization as well as heighten your company's security.
In this article, we will discuss:
What are the benefits of using SSO?
There are many benefits of using a single sign-on service.
These include:
Employees can sign on and authenticate via one service.
Adds another layer of security
Adding and removing employees from your organization can be done from your own user management tool such as Active Directory. This enables you to prevent the user from entering Connecteam without needing to remove them from connecteam.
What are the prerequisites to using SSO?
Currently, the prerequisites to using SSO are to use Okta as your single service provider. In Connecteam the capability to integrate with Okta is only available if you are on the Enterprise Plan.
How to set up SSO step-by-step
To set up SSO first navigate to your General Settings, under your avatar in the top right corner. Then enter the security settings and toggle on the SSO option.
💡 Tip: SSO login can only be set up by owners.
Once SSO is toggled on and you have selected Okta, follow these steps:
Go to the Applications tab in your Okta account's settings (insertdomain-admin.okta.com/admin/apps/active)
Navigate to the side menu and open the Applications tab. Click Create App Integration.
In the Sign-in method choose OIDC - OpenID Connect and in the Application type choose Web Application. Click Next.
In the App integration name, enter a name. You can rename it to Connecteam or any other name you would like to call this integration.
Then, add a logo (optional).
In the Sign-in redirect URIs section, copy the Redirect URI found in the Okta SSO section in Connecteam and paste it into Okta.
In the Assignments section, select whether to assign the app integration to everyone in your organization, only selected group(s) or skip assignment until after app creation. Keep in mind that if you choose 'Skip group assignment for now', no owners or admins will be able to log into Connecteam until you allow access. Then, click Save.
Now you have successfully created the integration with Connecteam, and you will be redirected to the integration page. To finish setting up the SSO, continue to the following steps:
In the General tab, copy and paste the Client ID and Client Secret from Okta into Connecteam's Okta SSO fields.
In the Assignments tab, check that the right people are assigned and that they have the same email listed in Okta and Connecteam. Users will not be able to log in to Connecteam if their emails are different in Okta and Connecteam.
In the Okta API Scopes tab, grant access to 'okta.authenticators.read' and 'okta.users.read.self' by clicking Grant on both.
💡 Tip: Use Ctrl+F to quickly find the scopes you need.
You can verify you have granted them access by going to the Granted tab and seeing that both appear there:
The last step is to copy the domain into Connecteam. In Okta, click on your user name at the top right corner and copy the domain. Paste the domain into the Domain field in Connecteam.
Now that you have the Client ID, Client Secret, and Domain pasted in Connecteam, click Save changes.
That's it! Your SSO setup is now complete and you can begin using it to log into your Connecteam account.
What does the login process look like when integrated with Okta?
After setting up SSO an owner or admin goes to Connecteam to log in. They begin the login process as normal by entering their phone number. Only the first time they log in they will select the option to log in via email instead of entering the code they receive.
Following the first login, owners and admins will simply enter their phone number and be automatically redirected to their Okta account. Once they log in via Okta, they will also get automatically logged into the Connecteam Dashboard.
💡Tip: SSO login can only be used on the desktop and is currently only available for owners and admins!
FAQs
What happens if an admin belongs to more than one account in Connecteam?
If an admin belongs to more than one company on Connecteam, the first step will be to put in his phone number and enter the verification code. Upon choosing a company with SSO, they'll be required to follow through the verification process to complete the login.
How can I change the Client Secret?
Go to the Connecteam integration on Okta and navigate to the General tab. Click Generate new secret (step 1) and change the status of the former secret to Inactive (step 2). Copy the new secret (step 3) to Connecteam's Okta integration information and click Save Changes.
How can I check all owner and admin email addresses in Connecteam to verify they match their emails in Okta?
Owners and admins cannot log into Connecteam if their email address does not match their email in Google. Therefore, to check that the emails in Connecteam match, go to the Users tab and click on the Admins tab. Here you can check each user's email address. Learn how to change emails here.
Related Articles
Need more guidance? 🙋 Our LIVE support team (at the bottom right corner of your screen) replies to ANY question.