Managing your team, Single Sign On (SSO) and other settings

You can find your account settings by clicking on your profile picture in the bottom left corner.

There you will find the following sections:

  1. Your Profile: Here you can update your name, password as well as your profile photo
  2. Your Team: This is where you can invite your colleagues to your account, manage their permissions (if you're an Owner or Admin), enable Single Sign On and more
  3. Stats: This section shows an activity feed within your account - how many documents are being synchronized every hour, how are your rules doing, and all the interactions between members of your team
  4. Shared history: This section helps you manage all shared items, review access requests and list all shared documents, projects and so on. Read more here.

How to add users to your account

Each workspace has a unique invite link assigned. Account Owners can copy the link and share it with colleagues. Once they go to the sign-up page, users who have clicked the magic link will be able to join your account right away by providing their name, email and password.

By default all users who join this way will have read-only permission assigned in the default workspace and Dog's Demo workspace.

The Account Owner will be notified whenever a new team member joins via the magic link.

If you do not recognize the new team member, you can remove them from your account and refresh the invite link so that the previous one cannot be used any more.

📧 Inviting via email

Adding a team member couldn't be simpler! Complete the following steps:

  1. Select "Your team" from the user menu, by clicking your avatar in the bottom left of the app
  2. Select "Invite via email" option
  3. Enter the name, email address and the permission role you want to assign.
  4. Hit "Invite".  

Your team-mate will now receive an email, prompting them to set a password and activate their EnjoyHQ account.

Happy collaboration! 🙌

Single Sign On

You can greatly simplify how your colleagues join and access your EnjoyHQ data by setting up SSO. This frees you from sending out invites and managing access to most resources.

We offer a set of different Single Sign On options, which Account Owners can configure:

  • Google SAML (G-Suite)
  • Okta
  • Azure AD
  • AD FS
  • OneLogin
  • generic SAML 2.0

SSO and Security: All SSO options are powered by WorkOS, an Enterprise grade SSO connector. WorkOS stores only the details necessary to initiate a delegated authentication flow: they do not store any of your credentials or user information but simply act as a means of simplifying authentication. You can learn more about WorkOS' security here.

SSO Setup

To link EnjoyHQ and your Google Apps account, Owners can go to the team management section, navigate to the Single Sign On option and click on "Configure SSO". From there, follow the steps in the configuration wizard:

Example setup: Okta

When Owners wish to set up Okta, all they need is the SSO configuration at hand. The fastest way is to export the IDP.xml file from your Okta settings - read more about it here. When ready, click on the "Configure SSO" button and follow the steps:

Example setup: Google G-Suite

Once the Account Owner clicks on "Configure SSO", select "Google" and enter all domains which are linked to your G-Suite organization:

Signing-in

From now on, any colleague from your team will be able to sign in via the configured SSO option. All they have to do is click "Login with SSO" and input your company's domain, as configured in the Setup step.

By default all users who join via SSO will have read-only permission assigned in the default workspace and the Dogs Demo workspace.

Removing a Team Member

If you need to remove someone from your account, then you can do so by clicking "Remove", next to their email address in the Team Members section of your Team Settings.

Users who are removed won't be able to sign-in again, be invited again or open a brand new EnjoyHQ account. If SSO is configured, deleted users won't be able to sign in.

Removing a team member will not delete any of the data that they have added or created in your account. Instead their projects, stories etc will still be present, and the author will be denoted as "deleted".

User Permissions

Please refer to the roles and permissions page.

Transferring account ownership

In order to transfer ownership of an account you can reach out to Technical Support specifying who will take the role of Owner for the account going forward.

Q&A

  1. Can I connect more than one SSO option (e.g. Okta and Google G-Suite)?

No, only one connection can be active at a time.

  2. Do you support generic SAML 2.0 for SSO?

Yes, the SSO setup wizard will guide you through SAML 2.0 setup.

  3. Do I have to invite users if SSO is configured?

No - anybody in your configured Sign-On directory can just sign up without a prior invitation. By default their permission level will be set to read-only and can be changed later.

While the email invite and magic link options are still available if you'd like to add users outside of your organization, bear in mind that if you have invited a user from your team and they try to sign-in while the invitation is pending - they won't be able to sign in until they accept the invitation.

  4. What happens when a new team member signs in via SSO?

If a new user joins your team by signing in via SSO the following happens:

  • a new user is created in your team
  • their permission is set to read-only
  • they have access to the default workspace
  • their user record by default will have password authentication disabled but it can be enabled if they choose to switch to "email & password" login and reset their password

If a user was added to your team prior to enabling SSO, they can still use it to log in, assuming their email address is the same in your identity provider (Google G-Suite, Okta, etc).

  5. How are EnjoyHQ users linked to users signing-in via SSO?

SSO matches users via their email address, so if your (as an example) G-Suite email is jenny@example.com and you've signed up with that email address, then signing in via SSO will work out of the box. If the emails are not matched (for example in G-Suite, your email address is jenny.doe@example.com), we will create a new team member with the email provided by the SSO endpoint, and grant them the read-only role. The only way to log in to your original user account is by providing email & password.

This is sometimes undesirable, so please reach out to us and we can update the emails for you to match the existing user in Enjoy to the one in your SSO provider.

  6. Does the SSO support attributes or groups assigned by the identity provider?

No, SSO is used only for signing in. EnjoyHQ account administrators are responsible for assigning and controlling user roles from within EnjoyHQ.

  7. What happens to a person who is removed from our identity provider? Do they get deleted from EnjoyHQ automatically?

No, since access to SSO is revoked this person won't be able to sign in anymore, and has to be removed manually from EnjoyHQ.

  8. How can I bypass SSO and log in with email and password?

Sometimes SSO setup can go wrong, so you might need to bypass single sign-on to fix it or remove the connection. To do so, go to the sign-in page and, before trying to sign in, click on the "do you need to log in with email & password" link.

Now the form will allow you to input your email and password. If you don't know it or lost it, you'll have to go through the password reset process first.
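
An added example, not part of the original article and not EnjoyHQ's own tooling: since SSO links accounts by email address only and people removed from the identity provider are not deleted from EnjoyHQ automatically, a periodic reconciliation of the team list against the directory shows which records need manual attention. The record fields, the sample addresses and the assumption that both lists are available as exports are hypothetical; all data below is constructed.

```python
from collections import defaultdict

# Constructed sample data. Field names are assumptions, not an EnjoyHQ or IdP export format.
IDP_DIRECTORY = {"jenny.doe@example.com", "sam@example.com"}
SSO_DOMAINS = {"example.com"}  # domains entered in the SSO setup step
TEAM_MEMBERS = [
    {"name": "Jenny Doe", "email": "jenny@example.com", "password_auth": True},
    {"name": "Jenny Doe", "email": "Jenny.Doe@example.com", "password_auth": False},
    {"name": "Sam Lee", "email": "sam@example.com", "password_auth": False},
    {"name": "Alex Roe", "email": "alex@example.com", "password_auth": True},
    {"name": "Pat Kim", "email": "pat@agency.test", "password_auth": True},
]


def norm(email):
    # The audit compares case-insensitively; the page does not say how the service compares.
    return email.strip().lower()


def audit(members, idp_emails, sso_domains):
    """Classify team records that do not match any identity-provider account."""
    idp = {norm(e) for e in idp_emails}
    by_name = defaultdict(list)
    for m in members:
        by_name[m["name"].strip().lower()].append(norm(m["email"]))

    findings = {"duplicate": [], "orphaned": [], "external": []}
    for m in members:
        email = norm(m["email"])
        if email in idp:
            continue  # SSO sign-in maps onto this record
        if email.rsplit("@", 1)[-1] not in sso_domains:
            findings["external"].append(email)  # invited from outside the directory
            continue
        # A same-named record that does match the IdP points to an email mismatch:
        # SSO created a second, read-only member next to the original account.
        twins = [e for e in by_name[m["name"].strip().lower()] if e in idp]
        if twins:
            findings["duplicate"].append((email, twins[0]))
        else:
            # No IdP account at all: candidate for manual removal. The flag shows
            # whether password authentication is still enabled on the record.
            findings["orphaned"].append((email, m["password_auth"]))
    return findings


if __name__ == "__main__":
    for kind, rows in audit(TEAM_MEMBERS, IDP_DIRECTORY, SSO_DOMAINS).items():
        print(kind, rows)
```

Entries under "duplicate" are the cases to send to support for an email update, and entries under "orphaned" are the ones to remove from the Team Members section.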

