When you activate single sign-on as the login method for your account, you will have the option to allow your users to self-register. Self-registration is a form of user management that automatically creates a new user in the system when an individual who does not yet exist in the system attempts to authenticate via SSO with an authorized email address.
To opt into self-registration with SSO:
- Click the cog in the top navigation bar to access the Settings page
- Once on the Settings page, click the Manage button in the Account Settings section
- Once in Account Settings, expand the Single Sign-On section
- From the Login Methods drop-down, choose between direct (default), Microsoft, and Google
- Once you have chosen an SSO login method, click Add Domain under Self-registration Domains. (Tip: To avoid potential unauthorized access and duplication, add the domain most commonly associated with your users’ primary email addresses, not their secondary email addresses or aliases.)
- Click the Save button
- Read and accept the Update Account Settings warning by checking the box in the modal window and clicking the Update button
Now, when a user with an email address that matches the authorized domain attempts to log in, the system checks whether they already exist as a user. If they do not yet exist as a user, the system creates a new user for them with the ‘End User’ role only. Should you want that user to have additional administrative or search permissions, you will have to edit the user’s roles.
Please note: If an account has Azure AD Sync enabled, the self-registration option will not be available. Both self-registration and Azure AD Sync are methods of automated user management. In order to avoid conflicts, only one can be enabled at a time. Priority is given to Azure AD Sync as it is a more robust system with capabilities that go beyond simple user creation/updating. Learn more about Azure Active Directory Sync here.
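The login-time check and the Azure AD Sync restriction described above can be sketched as follows. This is an added illustration, not the product's own code: the `Account` fields, the function names, the exact-match domain comparison, and the rule that the direct login method never self-registers are assumptions, and the sample addresses are constructed.

```python
from dataclasses import dataclass, field

END_USER = "End User"  # the only role a self-registered user receives


@dataclass
class Account:  # hypothetical model of the account settings
    login_method: str  # "direct", "microsoft" or "google"
    self_registration_domains: set = field(default_factory=set)
    azure_ad_sync: bool = False
    users: dict = field(default_factory=dict)  # email -> set of roles


def email_domain(email):
    """Return the lower-cased domain part, or None if the address is malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    return domain.lower().rstrip(".")


def handle_sso_login(account, verified_email):
    """Decide the outcome once the identity provider has authenticated the user."""
    email = verified_email.strip().lower()
    if email in account.users:
        return "existing", account.users[email]
    # Assumption: self-registration needs an SSO login method, and is
    # unavailable while Azure AD Sync manages users for the account.
    if account.login_method == "direct" or account.azure_ad_sync:
        return "rejected", set()
    allowed = {d.lower().rstrip(".") for d in account.self_registration_domains}
    # Exact comparison only: a suffix or substring test would also admit
    # subdomains and look-alike domains the administrator never authorized.
    if email_domain(email) not in allowed:
        return "rejected", set()
    account.users[email] = {END_USER}  # extra roles are granted manually later
    return "created", account.users[email]


if __name__ == "__main__":
    acct = Account("google", {"example.com"})  # constructed sample account
    for addr in ("new.hire@example.com", "new.hire@example.com",
                 "x@mail.example.com", "x@notexample.com"):
        print(addr, "->", handle_sso_login(acct, addr)[0])
```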
Carlos Rios