We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

Sign-in services

In this article

    The sign-in service determines how you get access to SuperOffice CRM Online and who manages your credentials.

    We currently support 3 models:

    Each provides the administrator and the end-user with a set of features. Some sets are overlapping, and some have configurable options. SuperOffice CRM Online will send users to the correct place to authenticate.

    The built-in standard sign-in service

    By default, all customers use the standard SuperOffice sign-in service. Each CRM Online user account has a separate password for each tenant.

    Credentials are site-specific: 1 CRM Online user account + password belongs to 1 site only. A centralized database of users is used to redirect the users to the correct tenant the user belongs to.

    Sign-in sequence:

    1. The user opens online.superoffice.com in a browser and enters their email address or username.

    2. The username is inspected and forwarded to the built-in standard service.

    3. The user is asked for a password, which is verified by identifying the correct site and then authenticated.

    4. The user is signed in to the correct site.

    The new SuperID sign-in service

    The SuperID sign-in service has 2 levels - basic and federated. Each CRM Online user accounts can belong to 1 SuperID user account. One CRM Online user account + password can belong to 1 or more sites.

    This service requires that the Online Operations Team configures the tenant to use SuperID. Enabling SuperID will move credentials from the individual tenant to centralized storage. At this point, we don't support moving back to standard sign-in service!

    Enabling SuperID for a tenant gives you the SuperID - basic set of features. If you would like to use SuperID - federated features, you need to register an identity provider.

    SuperID - basic

    The basic level of the SuperID sign-in service uses a password to authenticate like the standard sign-in service. However, this centralized model doesn't store passwords in the CRM Online database. It actually uses SuperID as the identity provider.

    Sign-in sequence:

    • The user opens online.superoffice.com in a browser and enters their email address or username.

    • The username is inspected and forwarded to id.superoffice.com

    • The user is asked for a password, which is verified by authenticating towards SuperID.

    • The user is signed in to the correct site (pick site if the user is connected to multiple sites).

    SuperID - federated

    SuperID supports using 3rd-party federated sign-in services as an add-on. You can choose either Microsoft or Google to authenticate. To use federated sign-in requires 2 steps to set up:

    If you plan to use federated sign-in services, we recommend that you enable SuperID and register an identity provider at the same time (or register the identity provider before enabling SuperID) to make the transition as lean as possible (only 1 operation for the end-user).

    Sign-in sequence:

    • The user opens online.superoffice.com in a browser and enters their email address or username.

    • The username is inspected and forwarded to id.superoffice.com.

    • The user is verified by delegating authenticating to Microsoft or Google.

      • SuperID receives and stores the sign-in session.

    • The user is signed in to the correct site (pick site if the user is connected to multiple sites).

    Passwords and user accounts
    Model Password granularity Password type Password storage Password management Authentication
    Standard (before) one-to-one text string or key phrase in the database of a specific tenant admin client of the tenant email address or username + password for 1 specific tenant
    SuperID - basic one-to-many text string or key phrase centrally id.superoffice.com SuperID user account
    SuperID - federated one-to-many up to the identity provider Microsoft or Google identity provider Microsoft or Google account