We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

How to configure IDP SuperID

In this article

    This guide will explain how to register your IDP to use SuperID and your Identity Provider (IDP) to log in to the SuperOffice Online platform.

    Pre-requisites 

    • A SuperOffice Online site ready for SuperID
    • Minimum version 11.1 of WebTools (can be downloaded from inside the client)
    • Google or Microsoft account (Google or Microsoft support only at this point. For other IDP providers – please give your feedback – and we will look into adding support for it)
      • If you plan to use Microsoft account (AAD): you need to be "Global Admin" in your AAD to perform the "Initialization step" 

    Technical article on SuperOffice Online Open ID Connect can be found on Community. 

    Terms and conditions

    Password administration will be self-service, SO Admin will lose their ability to set and reset a users password from the SO Admin client.
    Note: Creation of new User" feature from Admin requires users to validate their authentication through 2-step email verification. You must, therefore, have access to this users email to verify the user before you are able to use and log in.

     

    2-step guide: 

     

    1. Initialization: registering your domain name
    2. Adding users: Register users in SO Admin to send an invite and get users to log in 

     

     

    1. Initialization: Registering your domain name

    Registering your domain name in the SuperOffice environment.

    Before the users can use the authentication provider for your domain, the domain must be registered in our systems.  This will enable the login process to recognize the user's email address' domain - and redirect to the correct IDP for authentication.

    Step 1. Go to https://id.superoffice.com/identityprovider/register 

    Step 2. Choose your organization's identity provider (Google or Microsoft) based on the pre-check step above 

    image0x5j.png

    Step 3. You are re-routed to the providers' login page – to authenticate accept the permissions.

    Microsoft: 

    Note: If Microsoft account (AAD): you need to be "Global Admin" in your AAD to perform this "Initialization step" 

     imagenr3vs.pngimage3lix9.png

    Google: 

     imageyc2p.png

     

    Step 4. Accept and confirm the setup. 

    Microsoft: 

     image95szq.png

    Google: 

     image1x2xg.png

     Your organization's domain name is now registered in the SuperOffice environment - and can be used by IDP-ready sites for users using SuperID.

    When the user logs in, their email address' domain name will then be recognized and they will be forwarded to the IDP provider to authenticate. Read more in the next section (step 2) and our "Question and Answer" section below.

     

    2. Adding new users:

    Register new users in SO Admin to send an invite and get users to log in. All existing users in your site with a User Plan will get an email with a link to activate their account - see the previous section.

    To enable the users to use the authentication provider for your domain – add them to SO Admin. By adding them to SO Admin – SO Admin will send a "user activation invite" to the user's email address registered. 

    Step 1. Admin adds the new user in SO Admin and submit the user's email address (using the correct domain name) in the email field and click "Save". 

    imagei85w5.png

    image04ymf.png

    Step 2. Choose "License information" (user plan) and click "Save". 

    Step 3. User will receive an invitation email in their email inbox. User clicks the activation link to activate the account. 

     

     imagefj1a6.pngimaged7coq.png

    This will also convert the user from using SuperOffice authentication - to use SuperID. To perform this step the user must verify by clicking the IDP button (Google / O365).

     imagehi1b8.png

    If the user's browser session doesn't have an active session from the IDP provider – they will be redirected to the provider of the IDP to log in.   

    If the user's browser session has an active session from the IDP provider – they will be continuing to the verification of connection to IDP page. 

    image76ah.png

    User will now be logged in to CRM Online.

    Setup for the new user is now complete.

     

    Login into CRM Online

    Next time the user logs in from online.superoffice.com and provide the correct email address – the user is forwarded to SuperID to establish which service to use:

     imagee1a7.png

    If the user's browser session doesn't have an active session from the IDP provider – they will be redirected to the provider of the IDP to log in / authenticate.

    If the user's browser session has an active session from the IDP provider – they will be logged into CRM Online.

     

     

    Questions and Answers

    For a normal user - there is not much difference at all. To reset the SuperOffice password user must use the email verification process. Admin cannot set users password in Admin any longer. The user using IDP will need to use the IDP's reset password feature to reset the password.
    You don't :) Passwords is handled through your IDP (ie. Microsoft or Google)
    The user use reset password feature through the IDP service
    When an IDP is set for the domain name (ie. username=user1@company.com, the domain is company.com) - users of this domain will be asked to use IDP when logging in 1st. time. Once a user is set to use IDP - one must contact support to get it disconnected from IDP - to use SuperOffice password. If you do not want users to be asked to use IDP when logging in 1st. time - the IDP can be switched off by contacting support.