Set up your organization to sign with your choice of identity provider.
Don't want to add to the list of passwords your colleagues have to remember?
Samm now offers single sign on - authenticate via your existing systems so you don't have to use a separate Samm password.
Required Permissions
To configure a new Identity Provider (that is, enable SSO) you must be a Super User with Manage Organization permission.
Get Started
You'll find the settings under Admin, then Identity Providers.

You'll land on a screen that shows a list of different Identity Providers:

Depending on the Identity Provider you select, you'll see slightly different options.
Google, Microsoft, Procore, or Autodesk

Name: This defaults to "Microsoft", "Google" "Procore", or "Autodesk" - if you keep this, the button on your sign in screen will say, for example, "Sign in with Google".

Description: An admin only field, this is not displayed anywhere else.
Unknown user message: See section People who don't have an APE account yet.
When you're ready, select Activate and Update Identity Provider.
SAML 2.0 (Other)
With this custom option, you'll need to provide some additional information.

Where to find those details will depend on your provider.
Once it's set up
When you have at least one Identity Provider activated, all users in your Organization will have the option to sign in to Samm with SSO:

Clicking on one of the SSO options (your organization will likely prefer just one), will take you to a sign in screen for the identity provider. You may also be asked to confirm some permissions.
If your email with the identity provider matches your Samm user email, you'll be signed straight in to Samm without needing to complete your Samm password.
Email Matching
The email address for the Samm user must match the one used with the Identity Provider account. For example, if I sign in to Procore with firstname@company.com, my Samm account must also have the email address firstname@company.com.
People who don't have Samm account yet
When you set up a new Identity Provider, you'll be asked to provide a message - this is what people will see if they can authenticate with the Identity provider but their email address isn't associated with any Samm user.
We've provided a default message, but we recommend adding something like the below - which tells your people who to contact if they'd like to be added as a user.

Comments
0 comments
Please sign in to leave a comment.