This article will cover:
What does the flow look like from the Advocate point of view?
- Navigate to the AdvocateHub URL
- There are two scenarios:
- If they have previously logged in to your portal and the cookie is still present in the browser then they will be brought directly to the AdvocateHub.
- If they have not previously logged in and have no cookie they will be invited to enter their login credentials to your platform, upon successful entry of these, they will be brought to the AdvocateHub.
Note: If an advocate is already a member of another AdvocateHub with the same email address then there is one additional step in the flow. After they successfully enter their credentials into the customer portal, they will see a message like below:
An email will be sent to the Advocate which will include a link which they just have to click on and they will be brought back to the login screen to enter their credentials once more before gaining access to the AdvocateHub.
How do invites work with SSO?
Important Note about Nominees and SSO
If you have a Nominee in your AdvocateHub and then this user tries to sign up to the AdvocateHub using a join URL or by navigating directly to the AdvocateHub they will experience permissions issues. Currently the only way to 'upgrade' a Nominee to an Advocate is by sending them an invite directly from AdvocateHub, they will then need to click the link contained in the invitation to gain access to the AdvocateHub as an Advocate.
To study some other options on how you can segment your Advocates check out this article.
Things To Think About If Implementing SSO On An Active Hub
What can you do to prepare for this?
Can I have Employees access the AdvocateHub via SSO but Customers access using the traditional method?
Using SAML, no, anybody who has an account setup in the platform you are utilizing SSO in will be able to access the AdvocateHub. This is a case of all or nothing. If you want to use SSO then everybody has to login using it. So for example if you have employees who have accounts in your portal they can login through SSO, but if you have customers who don't have an account in your portal they have no way to login when SSO is enabled in your AdvocateHub.