Edisen now supports Single Sign-On for all it's users. That means if you have an Edisen account or receive an invite to an email address that is a verified domain, you will be able to authenticate through your company's identity provider.
SAML Single Sign-On
Edisen uses SAML (Security Assertion Markup Language) single sign-on which is an open standard for exchanging authentication data between identity provider (like Microsoft, Google) and a service provider (Edisen).
Authorization (user roles), invitations/access and deletion of users will still be controlled by Edisen Admins during this rollout in Nov 2021. During the next upcoming phases of the project, we will be extending SAML for SSO to setup authorization between Edisen and your company's identity provider (SCIM provisioning).
What this means for you
Login page on Edisen will now accept only one field: email address. If you submit an email address with a domain that is verified/registered with an organization and this organization has SSO enabled, then you will be authenticated with your IdP. On successful authentication, you will be taken directly to Edisen homepage. There is no need to enter a password on the Edisen side.
Note that during the first time you are logging in to Edisen after SSO was setup, you will be taken to your identity provider's page to authenticate with your email and password. After the first authentication and login, you will remain logged in for the next "n" number of days. "n" would be determined by what your identity provider supports.
What if you land on password submission page?
If you make a mistake in your username (the first part of your email address) but enter a verified domain, you will be taken to Edisen password submission page. Once you make your corrections and enter a password (or any text) for logging in, you will still be authenticated against your identity provider and not via the password you provided.
You can also click on "Login with SSO" to go back to the first login page and correct your email address.
What if my organization disables SSO?
In this case, you will be able to use your Edisen password and login to Edisen. If you do not have an Edisen password setup (this can happen if you got invited to Edisen after your organization has already enabled SSO), then you will not be able to login. You will need to contact an Edisen administrator who manages SSO configuration to enable SSO again.
Access to Edisen will still be invitation only based. That is, even if your identity provider administrator gave you access to Edisen from their side, you will not be able to login unless you have an invitation. Any new users to an Edisen organization (SSO or not) will need an invitation to access Edisen and join the organization.
There will be no change in this feature at this time.
If you have logged into Edisen using SSO, you will no longer have access to the password fields in your profile page. Your email to access Edisen, and your password will be managed with your identity provider. In order to change any of this information, you will need to access your account on your company's identity provider profile page.
Edisen admins will continue to have access to remove an account from their organization. No changes in this feature at this time.
Login Error from Edisen
When your user access to Edisen is setup with your identity provider but not yet with Edisen (no invitation sent and verified), and you try to access Edisen from your company's applications page, you will land on an Edisen login error page.
You could also land on this page when there is any SSO misconfiguration. You could contact your Edisen admin to report your issue.
Login Error from your identity provider
When you have an account or an invitation from Edisen but your access to the app was not setup on your company's identity provider, then you will receive a login access error message from the identity provider.
Full-screen view of the article:
Hope you found this article useful. Please feel free to give us feedback, comments or reach out for questions at email@example.com
For submitting a support request, please see this article https://app.intercom.com/a/apps/ajhtc3bt/articles/articles/3168393/show