Set up your organization to sign with your choice of identity provider.
Don't want to add to the list of passwords your colleagues have to remember?
Damstra Forms now offers single sign-on - authenticate via your existing systems so you don't have to use a separate Damstra Forms password.
Required Permissions
To configure a new Identity Provider (that is, enable SSO) you must be a Super User with Manage Organization permission.
Get Started
You'll find the settings under Admin, then Identity Providers.

You'll land on a screen that shows a list of different Identity Providers:

Depending on the Identity Provider you select, you'll see slightly different options.
Google, Microsoft, Procore, or Autodesk

Name: This defaults to "Microsoft", "Google" "Procore", or "Autodesk" - if you keep this, the button on your sign-in screen will say, for example, "Sign in with Google".

Description: An admin-only field, this is not displayed anywhere else.
Unknown user message: See section People who don't have an APE account yet.
When you're ready, select Activate and Update Identity Provider.
SAML 2.0 (Other)
With this custom option, you'll need to provide some additional information.

Where to find those details will depend on your provider.
Once it's set up
When you have at least one Identity Provider activated, all users in your Organization will have the option to sign in to Damstra Forms with SSO:

Clicking on one of the SSO options (your organization will likely prefer just one), will take you to a sign-in screen for the identity provider. You may also be asked to confirm some permissions.
If your email with the identity provider matches your Damstra Forms user email, you'll be signed straight into Damstra Forms without needing to complete your Damstra Forms password.
Email Matching
The email address for the Damstra Forms user must match the one used with the Identity Provider account. For example, if I sign in to Procore with firstname@company.com, my Damstra Forms account must also have the email address firstname@company.com.
People who don't have Damstra Forms account yet
When you set up a new Identity Provider, you'll be asked to provide a message - this is what people will see if they can authenticate with the Identity provider but their email address isn't associated with any Damstra Forms user.
We've provided a default message, but we recommend adding something like the below - which tells your people who to contact if they'd like to be added as a user.

Comments
0 comments
Please sign in to leave a comment.