This guide will explain how to register your IDP to use SuperID and your Identity Provider (IDP) to log in to the SuperOffice Online platform.
- A SuperOffice Online site ready for SuperID
- Minimum version 11.1 of WebTools (can be downloaded from inside the client)
- Google or Microsoft account (Google or Microsoft support only at this point. For other IDP providers – please give your feedback – and we will look into adding support for it)
- If you plan to use Microsoft account (AAD): you need to be "Global Admin" in your AAD to perform the "Initialization step"
Technical article on SuperOffice Online Open ID Connect can be found on Community.
Terms and conditions
Password administration will be self-service, SO Admin will lose their ability to set and reset a users password from the SO Admin client.
Note: Creation of new User" feature from Admin requires users to validate their authentication through 2-step email verification. You must, therefore, have access to this users email to verify the user before you are able to use and log in.
- Initialization: registering your domain name
- Adding users: Register users in SO Admin to send an invite and get users to log in
1. Initialization: Registering your domain name
Registering your domain name in the SuperOffice environment.
Before the users can use the authentication provider for your domain, the domain must be registered in our systems. This will enable the login process to recognize the user's email address' domain - and redirect to the correct IDP for authentication.
Step 1. Go to https://id.superoffice.com/identityprovider/register
Step 2. Choose your organization's identity provider (Google or Microsoft) based on the pre-check step above
Step 3. You are re-routed to the providers' login page – to authenticate accept the permissions.
Note: If Microsoft account (AAD): you need to be "Global Admin" in your AAD to perform this "Initialization step"
Step 4. Accept and confirm the setup.
Your organization's domain name is now registered in the SuperOffice environment - and can be used by IDP-ready sites for users using SuperID.
When the user logs in, their email address' domain name will then be recognized and they will be forwarded to the IDP provider to authenticate. Read more in the next section (step 2) and our "Question and Answer" section below.
2. Adding new users:
Register new users in SO Admin to send an invite and get users to log in. All existing users in your site with a User Plan will get an email with a link to activate their account - see the previous section.
To enable the users to use the authentication provider for your domain – add them to SO Admin. By adding them to SO Admin – SO Admin will send a "user activation invite" to the user's email address registered.
Step 1. Admin adds the new user in SO Admin and submit the user's email address (using the correct domain name) in the email field and click "Save".
Step 2. Choose "License information" (user plan) and click "Save".
Step 3. User will receive an invitation email in their email inbox. User clicks the activation link to activate the account.
This will also convert the user from using SuperOffice authentication - to use SuperID. To perform this step the user must verify by clicking the IDP button (Google / O365).
If the user's browser session doesn't have an active session from the IDP provider – they will be redirected to the provider of the IDP to log in.
If the user's browser session has an active session from the IDP provider – they will be continuing to the verification of connection to IDP page.
User will now be logged in to CRM Online.
Setup for the new user is now complete.
Login into CRM Online
Next time the user logs in from online.superoffice.com and provide the correct email address – the user is forwarded to SuperID to establish which service to use:
If the user's browser session doesn't have an active session from the IDP provider – they will be redirected to the provider of the IDP to log in / authenticate.
If the user's browser session has an active session from the IDP provider – they will be logged into CRM Online.
Questions and Answers
For a normal user - there is not much difference at all. To reset the SuperOffice password user must use the email verification process. Admin cannot set users password in Admin any longer. The user using IDP will need to use the IDP's reset password feature to reset the password.
You don't :) Passwords is handled through your IDP (ie. Microsoft or Google)
The user use reset password feature through the IDP service
When an IDP is set for the domain name (ie. firstname.lastname@example.org, the domain is company.com) - users of this domain will be asked to use IDP when logging in 1st. time. Once a user is set to use IDP - one must contact support to get it disconnected from IDP - to use SuperOffice password. If you do not want users to be asked to use IDP when logging in 1st. time - the IDP can be switched off by contacting support.