While not available out of the box, Consensus does support SAML 2.0 SSO and can help set this up through Professional Services options. In this article we will review the different setting available once SSO has been set up for your Account.
SSO allows you to more easily manage the systems and tools that your different team members have access to. If you are interested in setting up an SSO connecting into Consensus contact your Client Success Manager to learn more. If you already have SSO setup, we will review the different SSO settings available for your Account.
If your Account has been set up with SSO, you can find the SSO settings by clicking the gear icon () in the upper right hand corner then selecting Integrations:
Within the Integration section, click the SSO tab to see the SSO settings
Disable Direct Login
By default, after setting up SSO for your Account your Users will still be able to login to Consensus directly by navigating to the Consensus Sign In page and using their Consensus Credentials. If you want to force Users to login via your SSO portal you can do this by turning ON the 'Disable Direct Login' setting.
Once set to ON, you will have the ability to set a login message that will show when Users try to login directly through the Consensus Sign In page.
- NOTE* This message will also show within the Welcome email for New Users you add to your Consensus Account once Direct Login is disabled
Strict SSO Type
Within your SSO settings, you can also determine levels of Strict SSO Type. This can be set by either All Users or By Email Domain.
- Strict SSO - All Users
- When turning ON Disable Direct Login, Strict SSO for All Users is set by default. This means that All Users within your Account will need to login via your SSO portal and will see the SSO message if they try to login directly.
- Strict SSO - By Email Domains
- This setting allows you to determine which Email Domains are required to login via SSO. Any User with a different Email Domain will be able to login directly.
- This is fairly common for Accounts that are using the Channel Accelerator and have Reseller Groups with users that are not a part of their own Organization. In this Use Case, Reseller Users with a different Email Domain can still login directly while Internal Users will need to login via SSO.
- You can add as many Email Domains as needed to restrict Users based on their Email Domain. If your Organization has different Email Domains that are used by your Consensus Account Users, you can input the different Email Domains needed
- NOTE* You can use an asterisk symbol (*) to automatically support multi-level email domains. This is done by adding a Email Domain using an asterisk before (or after) the dot symbol.
- If you have 3rd level domains emails in your organization – use *.email.com
- If you have 4th level domains – use *.*.email.com
That's it! Once you have your SSO settings set the way you want, make sure to click 'Save' at the bottom of the page.