As of 2022, Bananatag is Staffbase's Employee Email product.
With an Enterprise plan, configuring Single Sign-On (SSO) for Employee Email allows users to sign in with a single ID and password to gain access to their account. Depending on your company and IT requirements, employees may be able to use the same credentials as they do to access their cloud-based work applications, as well as work laptops and desktop devices.
Benefits of using SSO:
- Reduce password fatigue
- Reduce time spent re-entering passwords for the same identity
- Reduce IT costs with fewer support calls about passwords
- Improved security as the credentials are provided directly to the central SSO server
- Quicker access to team accounts
- Improved, seamless user experience across multiple domains
To help your organization plan for this type of integration, share this support article with your IT team and/or System Administrators.
- You have access to your organization’s Identity Provider (IdP) with the right permissions to configure SSO.
- You have access to Employee Email with Parent Admin permissions.
Only SP-initiated SSO requests are supported, not IdP-initiated requests. Access needs to take place through one of the following domains:
- North American customers - app.bananatag.com
- European customers - app.de.bananatag.com
Multi-domain configurations are not supported.
Additional domain users will be required to sign in with their username and password.
Adding Your Federation Metadata XML File to Employee Email
- Download a Federation Metadata XML file from your Identity Provider (IdP).
For example, from Azure Active Directory (AD).
- On the Employee Email Settings page, click the Single Sign-On tile.
If you do not see this tile, contact Staffbase Support or your Customer Success Manager for assistance.
It may be because you are not signed in with a Parent Admin account or it may be related to your organization’s current Employee Email account configuration.
- Enter your organization's Email Domain.
Unless you edit it, this field defaults to the domain for the email account that you are currently signed in with.
- Click Select and upload a Federation Metadata XML file.
This type of file must be downloaded from your IdP, for example, from Azure AD.
- Click Save and Update.
This process will generate the details required to enter in your IdP SSO configuration. Depending on your IdP, additional attribute details may need to be provided. For example, in Azure AD.
Ask Staffbase Support or your dedicated Technical Onboarding Engineer for assistance.
- Leave the SSO configuration page open while you test the SSO login process so that you can still click Delete SSO Connection and fix any issues that you may find.
After saving this configuration, the only way for employees in your organization to sign into Employee Email is through SSO.If you close the SSO configuration page and then find an issue when attempting to sign in, there is a risk that you and your colleagues may be locked out until you get assistance from Staffbase Support.
Testing Your New SSO Sign-in
- To test your new SSO sign-in process, open a new incognito browser window and go to the Employee Email sign-in page.
If you close the SSO configuration page and then find an issue when attempting to sign in, there is a risk that you and your colleagues may be locked out until you get assistance from Staffbase Support.
Please leave the configuration page open in the background while you test in the new window.
- Enter the Email Address of a user who is now set up to use SSO and click Next.
If the configuration is working correctly, you are prompted to authenticate with SSO.
Once you are authenticated successfully, you are taken to the main screen of the web app.
Please sign in to leave a comment.