Skip to content
English
  • There are no suggestions because the search field is empty.

Managing Users and Groups with SSO Enabled

Anyone can create an account on any Findhelp site. However, your organization can grant certain users additional functionality and reporting access on your specific site.

Seamless Login and User Provisioning

Single Sign-On (SSO) functionality offers two key benefits for your organization:

  • Automatic Account Creation: User accounts are created automatically without manual intervention when a user logs in for the first time. Your company's existing system (Active Directory or AD) passes the necessary user information to your Findhelp site, making it a quick, hands-off process.

  • Seamless Login: Authorized users can log into your site using the same credentials (username and password) they use for another one of your company's systems, providing a simple, uninterrupted experience.

 

Configuring Single Sign-On (SSO) and User Groups

Setting up Single Sign-On (SSO) allows user accounts to be automatically created and assigned to groups on your Findhelp site. To ensure a user account is automatically created via SSO, your Active Directory (AD) system must pass the following required attributes to your Findhelp site:

  • Email
  • Name ID
  • First Name
  • Last Name

Optional attributes such as Title, Department, and Group can also be configured to populate the user's profile.

Action Item: Work with your Active Directory Administrator and Customer Success Manager to confirm that all required and desired attributes are correctly passed from your AD system.

 

Initial Steps to Set Up Groups

When a user accesses your site for the first time using SSO, they can be automatically assigned to a group via the special "group" attribute passed from your AD.

Your groups can be established in one of two ways:

  • Dynamic Group Creation: Groups can be created automatically on your site based on a specific field in your organization's Active Directory (e.g., Department or Location).

  • Static Group Assignment: A single, specific Group can be automatically applied to all users upon sign-in.

Important Note: SSO can only automatically assign a user to one group. While users can belong to multiple groups, any additional groups must be manually created and assigned by a Site Administrator or Group Manager.

 

Determining and Configuring Automatic Group Assignment

To decide which group(s) should be automatically assigned:

  1. Determine Mapping: Consult with your Active Directory Administrator to identify an AD attribute that can be used to assign a specific group to a user (e.g., mapping a user's AD "Role" to a "Case Worker" group on Findhelp).

  2. Configure Group Attribute: Work with your Active Directory Administrator and Customer Success Manager to ensure the appropriate "group" attribute is passed from your AD system to your Findhelp site for each relevant group.

(Optional) Enable Team Navigation

By default, groups that are automatically created via SSO do not have Team Navigation enabled.

Action Item: If you want your SSO-created groups to share resources like favorite folders, notes, and assessments, work with your Customer Success Manager to enable Team Navigation for those specific groups.

 

Removing Access Via Active Directory

If a user needs to be removed from your Findhelp site, the primary action is taken within your organization's Active Directory (AD) system.

  1. Deactivate the User: When you remove or deactivate a user's account in your AD system, they automatically lose the ability to log in to Findhelp.

  2. No Further Action Needed: Because the SSO process relies on validating the user with your AD, once the user is deactivated in AD, they cannot gain access. You do not need to take any additional steps on the Findhelp site to remove their access.