Workforce Single Sign-On Overview

Single Sign-On (SSO) functionality on Social Pinpoint is a paid add-on that you can order through your customer success representative. It provides SSO functionality and works with a number of identity providers (IdPs). It is likely that the roll-out will need to be planned in concert with your IT department that manages your IdP.

A primary benefit, from an end-user perspective, of SSO, is that access to the platform will be through the staff login button with standard credentials and that accounts and groups will be managed through your IT department’s usual processes.

A second key benefit to using SSO is that you can globally grant all SSO users, or SSO user groups that SPP can inherit, access to private projects using the same mechanism as the custom user groups. This makes it very simple to create private engagements, such as staff surveys, that are available to all SSO users. Using SSO for private project access is detailed in the custom user groups page.

Managing SSO Groups

SSO users and groups are managed by your IT department on your IdP system. How SSO groups appear inside SPP can be managed on our platform, under the SSO Groups page (found under Settings > Users > SSO Groups).

On the SSO Groups settings page, you can add an SSO group with the original name matching the name in the SSO system, but give it a display name for use in SPP. E.g. a group called "Internal_SSO_Group_Interns" in your IdP could be mapped to a more meaningful or easier to use name, like "Interns", inside the platform.

🎯Key Actions

After SSO implementation, users will see a new 'Staff Login' button when they try to access the 'Login/Join' button.

This button for your staff members (with the same email domain) to access the platform. Additionally, a new user group called 'SSO Group' is automatically created, containing all existing and future staff who log in using SSO.

💡NOTE: Users with your company domain no longer need to sign up; their accounts are created automatically upon their first login.

Yes, anyone can log in via SSO as long as they have an account with the identity provider.

While it's unusual to use SSO for general community users, it can be beneficial for private sites catering to specific groups, such as university consultation sites or membership groups. In such cases, we can update the login form to prioritize SSO, making email and password registration unnecessary.

Existing staff members will need to use the new 'Staff Login' button. They no longer need to use their old passwords, as SSO integrates with your company's user database for authentication.