Skip to main content
Using single sign-on
S
Written by Sonal Singhal
Updated over 9 months ago

Crowdicity allows users to sign in with an identity provided by your organisation. Single sign-on (SSO) allows your users to log in with their organisation credentials instead of having to remember a separate username and password specifically for Crowdicity.

In this article:

  • What is single sign-on?

  • Can I add SSO to an existing community?

  • What users see when they log in using SSO

  • Supported SSO connections

  • Getting single sign-on for your community

  • Supported SSO methods

  • Frequently Asked Questions


What is single sign-on?

Before Crowdicity will let someone log into your community it needs to know 2 things:

  1. That the person is who they say they are (authentication).

  2. That the person has permission to log into the community (access).

Single sign-on (SSO) is a way of proving someone’s identity (authentication), it allows them to sign into your Crowdicity community using their existing log in details i.e. their company username and password.

With SSO you will still need to give users permission to log into your Crowdicity community. You can find out how to do this in our guide to inviting users to your community.


Can I add SSO to an existing community?

Yes, absolutely! You can add an SSO method to your community as soon as you're ready to do so.

What happens to users with existing Crowdicity accounts?

As long as the email address from the Single Sign-On accounts matches the email address the user entered to register their Crowdicity account, Crowdicity will match them up with their existing account.

The first time they log in, the user will be prompted to approve the new login method by entering the password from their existing Crowdicity account (the email address field will be pre-populated):


What will users see when they log in using SSO?

When users visit a community which uses SSO, they'll be presented with an Organisational Login option:

You can change the name of this log in option in Community Settings in the Authentication tab in the SAML2 section:


Clicking Sign In will direct the user to the login page for your organisation where they can enter their usual login credentials:

After entering their log in successfully they will then be returned to your Crowdicity Community. If it’s the first time the user has logged in, they will be prompted to agree to the Crowdicity terms and complete their user profile information. When users go to the community login page and click 'Sign in', they will be redirected to your organisation’s sign-in page.


Getting single sign-on for your community

If you are a community administrator, you will need to contact your organisation's IT support team, they will need to set up your organisation's systems to work with your Crowdicity community.

Direct the relevant person or team to our guide to setting up SSO. This guide contains step by step instructions on how to set up a single sign-on connection between your systems and Crowdicity.

You will also need to provide someone on your IT team with administrator-level access to your Crowdicity community so that they can configure the community settings for you.


Supported SSO connections

Crowdicity supports SAML2 and Azure active directory. We are also available as an app on OneLogin.

Our guide to Setting up SSO provides downloadable step-by-step instructions on how to set up both SAML2 and Azure AD (via Saml) to work with Crowdicity.


FAQs

When are Crowdicity accounts created?

Crowdicity accounts are created for users the first time that they successfully log in using their organisational username and password.

Do users have to register?

Crowdicity automatically registers new users, creating a Crowdicity account based on the profile information we receive from your identity provider.

How is access to Crowdicity managed? Do I have to invite users?

If your Crowdicity community is Private (closed) then you need to invite users into the community, even if they are logging in using their organisation username and password.

To allow someone access to your community, you can either invite them using their email address or you can ‘whitelist’ all email addresses from a specific domain

What happens when someone leaves the company, can they still log in?

If a user has been removed from your organisation’s active directory, they will not be able to log into their Crowdicity account using their single sign-on credentials, in other words, they won't be able to provide authentication.

To remove a user from your community if you remove a user, they will no longer have access to your community; if a user logs into their account another way (ie not through SSO) then they will log into their Crowdicity account, but they won't be allowed into your community.

What information can you pull through from our system?

This depends on the information stored in your Active Directory, and the way that it is stored. In most cases, we will pull email, first name and surname (or full name). In many cases, we can also populate the Crowdicity platform with additional information such as job title, department, or location (if this information is available).

How can we pull additional information from our system?

If you would like to pull additional information from your active directory such as users title, department, you'll first need to create custom profile fields. Once created, these fields will be populated in Community Settings in the Authentication tab under SAML2 settings. For each field, you will need to map each field to the incoming SAML field to ensure the correct information is pulled over.

Can we lock profile fields so users can't edit them?

Yes, if you're pulling information from an active directory and would like to include existing data to a users profile, you can lock these fields. You can do this in Community Settings in the Authentication tab under SAML2 settings. Simply click the checkbox next to each field you would like to lock:

How long does it take to set up SSO?

Assuming your systems meet the necessary requirements, the process is straightforward: we have step by step documentation to assist your staff in the set-up. The length of time needed to set up SSO will depend on the availability and experience of your IT Team and the set up of your active directory.

If it is a relatively straightforward set-up, it can typically be done in under a day but if there are additional complications, it could take a number of days or, in rare cases, weeks to resolve.

Did this answer your question?