If you already have an SSO application, you can onboard your users with their SSO accounts.

Staffbase Platform enables SSO onboarding using standards such as:

• SAML 2.0
• OpenID Connect   

You can use the Staffbase platform with different identity providers. For example:

• Active Directory Federation Services
• Amazon Cognito
• APM
• Gigya
• Google
• Microsoft Entra ID (formerly Azure Active Directory)
• Okta
• OneLogin
• SAP
• Shibboleth

Staffbase also supports multiple identity providers at the same time. If you want to enable multiple identity providers for your app, contact Staffbase Support or your Customer Success Manager.

To set up SSO onboarding, you need the initial support of your IT department. Since the user will not receive any new passwords, this method is very secure.

However, if you have a simple user structure and only want to edit the user data manually or not at all, then you don’t need to invest any further effort in user management. The SSO application will supply the necessary data. If you have many groups and want to continually keep the user data in the app up to date, then you will use automated user management.

You can use SSO onboarding in parallel with all other onboarding methods.

User Data Requirements

Manual user management in the app 

You don’t have to provide any data for SSO onboarding. All data is provided via SSO as soon as a user signs in.

In this case, you can only manually edit, organize, or delete users later.

Automated user management in the app: 

If you want to keep user data up to date using an import, then you must create the users in the system in advance.

Enter the following information for the users: 

• Identifier — this must be the same as the external ID used in the SSO source system
• First name
• Last name
• Email address — if you want to invite the users via email automatically

Optionally, you can also provide further information, such as:

• Location
• Department
• Position
• Additional information you wish to use with custom profile fields

Enter User Data in the Platform

You need to provide all user data before users access via SSO. Only registered users within the app can access it via SSO. If you need automated user management, you must use pre-register and create the users in the system using one of the following methods:

• CSV-Import
• User-API
• SCIM 2.0, for example, using Azure Active Directory

Inviting Users to the App

Manual user management and automated user management without the user's email address: 
You invite the users to the app yourself. Users only need the app name to install the app.

Automated user management with the user's email address: 

1. Import the user data into the system; for example, via CSV import.
2. Send the invitation emails. For example, during the CSV import, you confirm that you want to send the invitation emails directly after the import.
   The invitation email contains:
   • Name of the app
   • Information on how to download the app

How Users Register with the App

1. The user opens the app or web app.
2. The user clicks Sign in with Single-Sign-On account.
3. Optionally, the user confirms your terms of use or the privacy policy.
4. Afterwards the user is forwarded to your SSO identity provider.
   After finishing the SSO registration, the user is forwarded to the app.
5. Optionally, the user is asked to complete the profile and enter more information.

At this point, the user has an active account and can sign in using their email and the new password.

How Users Can Reset Their Password

If a user forgets their SSO password, the password is reset via your SSO application.