Single Sign-On (SSO) is an authentication system that allows your users to log into multiple different services by signing in once, using one set of credentials on your organization's page. Mediagraph supports enterprise single sign-on via three protocols: OpenID Connect, SAML, and CAS.
As an admin, you can enable one of these protocols, integrating Mediagraph with your organization's existing authorization system and allowing members a convenient and secure way to access Mediagraph. Consult with your IT department to learn which protocol you use, and to learn about the necessary credentials.
Enable Single Sign-On
- In the Manage tab, select Site Settings from the left-hand sidebar.
- Scroll down and click to open the Single Sign On dropdown.
- Click the radio button to Enable SSO.
- Select the SSO protocol your organization uses in the SSO Type field.
- Enter the necessary credentials into the fields that appear.
- If you want to require that your users use SSO to access Mediagraph, click the radio button to Hide Password Login.
Auto-add users to a Group according to SSO Group
If your organization has pre-existing Single Sign-On (SSO) groups, you can configure Mediagraph to automatically assign users to User Groups based on these SSO groups. For example, you can auto-add faculty and students to their respective groups based on SSO group memberships.
- Contact your IT department to request the ability to add users by SSO group.
- In the Manage panel, click User Groups.
- Click Edit next to a group you want to configure
- Edit Members
- Click to open the Add by SSO Group tab.
- Enter the name of the relevant SSO Group.
SSO Frequently Asked Questions
Can we disable Password Login for our organization while keeping it available for external visitors?
Currently, there is no option to disable password login exclusively for internal users while allowing it for external visitors. This functionality would require additional development and is complex due to the possibility of users belonging to multiple organizations or having personal accounts.
What happens when someone logs in using SSO for the first time?
When a user logs in via SSO for the first time, they are set up as a general member, unless Users can be automatically added to specific groups based on their email domain or the SSO group information provided by their Identity Provider.