Single sign-on allows you to authenticate users through a 3rd-party identifier service such as Microsoft or Google, which checks to see whether the user trying to sign into PublicInput with a given email domain - e.g., anywheretown.gov - has an active account with the 3rd-party service on your organization's active directory. Not only does this allow users to sign into PublicInput with their credentials for that service (rather than with PublicInput credentials), it also ensures that users who should no longer have access to PublicInput will not need to be removed from the list of admins on our platform; instead, the system will check to see whether the user is still active in your active directory. This way, secure access is maintained only for active employees.
Please note that this feature is available only to accounts on the Complete Plan. Speak with your Customer Success Manager if you do not have this plan and would like to get signed up! You can reach out to [email protected] if you need help reaching your CSM.
To set up Single Sign-On, navigate to the Organizational Settings page on the left-hand navigation bar.
On the Settings page, click the Email link.
Here, take note of the email domain featured in "Custom email sending domains" with the "mail" prefix - e.g., mail.anywheretown.gov. This is the domain you will use for setting up SSO.
Now navigate on the left-hand sidebar to SSO.
Here, click the button for "Add new SSO provider."
This will bring up the modal for setting up SSO for your domain. Here, you will select your parameters:
Select your third-party authenticator from the drop-down list of options:
Enter the email domain that you noted in the Email settings earlier.
Optional: check the box for "Soft launch mode." This mode does not require users to sign in with SSO but does display a notice that SSO will soon be required. This is useful when users have not yet been made aware that this change is being made.
Click the "Save Changes" button to apply these settings.
Once this change has been made, users signing into PublicInput with your email domain will be prompted to sign in with their Microsoft account. If they have previously registered with their email address, they can add their Microsoft account.