Enforce Single Sign-On (SSO)
This article explains how to configure your hub to enforce Single Sign-On. For information on what Single Sign-On is and how to sign in to your Newforma Konekt account with Microsoft, please see this Help article: Using Single Sign-on (SSO).
Overview
This feature forces a user to sign in using SSO if they want to access the hub where their domain is set, and disables a user’s ability to use email/password credentials to sign in to Newforma Konekt.
Currently, Newforma Konekt only supports Microsoft Single Sign-On for cloud directories.
What are the benefits of enforcing SSO?
The benefits of enforcing single sign-on are:
- Time savings for hub admins through automation of user authentication
- If enabled, when a user leaves or is removed from a company, the company no longer has to manually remove that user from Newforma Konekt.
- The authentication relies on the link to Microsoft AD to disable that user's access.
- Streamlined account management – Centralize user account management and automatically remove user access across all systems at once.
- Simplified user experience – Provide a superior sign-in experience by limiting the number of passwords employees have to remember.
Are there any prerequisites for enforcing SSO?
You must be a Hub Administrator to restrict login options to Single Sign-On only for specified domains. Please note the following:
- This setting applies to an entire hub; you cannot configure the SSO requirement for individual projects.
- Only admins can add and remove domains in the Enforce SSO field.
- Any internal domain can be added.
- Domains are not case sensitive.
For additional security, it is recommended that users enable multi-factor authentication on their Microsoft account to reduce the risk of unauthorized access (see Set up your users with multifactor authentication).
How do I enforce SSO within my Hub?
You must be a Hub Administrator to restrict login options to Single Sign-On only for specified domains.
- Browse to the Newforma Konekt portal.
- Select the Hub which you would like to configure.
- Select Hub Settings.
- Select within the text box to the right of Enforce Microsoft SSO.
- Type in the domain you want to configure and press Enter. The next time a user from the specified domain logs in, they will see a banner that directs them to log out and use SSO to log in. The user will only see the banner when they try to access a hub that has SSO set up for their domain. Note that they must use SSO to log in from then on, as their traditional email and password login will be disabled.
If you use an email alias:
When a user logs in using SSO for the first time, Newforma will try to match the email from their SSO login to an existing email account from all regions and link them together. If we are unable to find one, we will automatically create a new account.
Any future logins with SSO for that user will always use the linked account, regardless of whether it was a primary or an alias account.
If you use an email alias to log into Newforma Konekt, make sure that the first login with SSO matches the alias account. Subsequent logins can use any Microsoft account tied to that user.