Admin Only Single Sign On
This article will cover how to enable Admin Only Single Sign-On and how this feature works for your AdvocateHub.
You may want your Administrators to log into your hub through your company's Single Sign-On system, but have your Advocates sign up / in with an Influitive AdvocateHub account. This may appeal to you if you already use a third-party identity management service like Okta or OneLogin to handle your logins to the various applications or vendors your company uses.
This allows your IT team to easily manage employees access to any applications your company uses. Some positives of this include a more secure and reliable platform from where your identity management is controlled and improved ease of access to the AdvocateHub for your Administrators.
Setting Up Admin Only SSO
When setting up this feature, you will configure your SAML or OAuth2 setup as normal using your identity management service (ie. Okta, OneLogin). When you navigate to the Single Sign-On section of your settings, Settings > System > Login/Security, you will see an option to enable Admin Only:
To enable SSO for only administrators, simply click on the "Enabled" radio button as pointed out above. If you want all users (Advocates and Administrators) to use SSO, choose the "Disabled" radio button option.
Now that you have everything setup, login to the identity management service you use and navigate to the place where all your applications are. Click your AdvocateHub application and you should be brought straight into your Administrator account in your AdvocateHub. Here is a quick video which runs through what it looks like using OneLogin as an example:
Note: There is no Influitive landing page for the Administrator. Usually with Single Sign-On, when an Administrator navigates to the AdvocateHub they will be redirected to their Single Sign-On login page where they enter their credentials and gain access to the AdvocateHub. With Admin Only Single Sign-On, the only place for the Administrator to gain access to the AdvocateHub is by clicking on the application within their identity management service. If an Administrator attempts to login to the AdvocateHub through the sign in page, they will be denied access and see the following message: