Simplify and secure employee experience with new Single-Sign-On enforcement
Dear Users,
We understand that security is a prime requirement for organisations of every scale.
In 2020, we introduced a layer of user-level security settings via Two-Step Verification. Now, continuing our efforts to enhance user security and to add some of the key and most requested features to Podio, we have released an organisation-level Single Sign On (SSO) configuration. This allows organisation admins to ensure that employee users log into Podio using SSO only, via the preferred identity provider as configured by the admin.
What does the new feature entail?
For admin users:
- A new "Security" tab is introduced alongside the Organisation Settings page.
- This tab is accessible to all employee users in a free organisation, while for paid organisations, only organisation admins can access the Security tab.
- The Security tab contains the "Configure Single Sign On" section, which lists all the domains added for the organisation and allows enabling SSO for each domain independently, by choosing one identity provider from the dropdown for each domain.
- This release allows you to choose from two identity providers: Google and O365.
- If you do not have any domain added to your organisation yet, contact support to have it added. Domains are a pre-requisite for the SSO Configuration.
For employee users:
- Once SSO is configured for a domain, all employees associated with that particular email domain will:
  - be blocked from using username/password to log into Podio
  - need to use only the configured SSO type to log into Podio on both web and mobile.
- If an employee user is part of multiple organisations, with one or more organisations having SSO enforced, then the user will:
  - be blocked from using username/password to log into Podio
  - be able to use any one of the SSO types as enforced by those organisations
  - but not be able to use any wrong combination of SSO and email domain that has not been enforced by any of the organisations. Check out the "Advanced Information" section.
- This is primarily a gate check. So after a user has logged in to Podio successfully, they can continue accessing their data across all organisations and workspaces they are part of.
- For every login failure (due to a wrong login method), the user will be notified on screen as well as via email notification (sent to the email id for which SSO has been enforced).
What are the benefits?
- Leverage your existing identity providers (IdP) to sign into Podio.
- An enhanced security feature that would avoid unauthorised logins.
- A simplified employee experience to log in easily via the company-prescribed SSO.
- Organisation admins equipped with a gate check for all or specific employee users (based on domains configured for SSO)
- Client and external user logins are not affected (since they do not share domains with the employees)
- However, if your client / vendor is invited to Podio as an employee user (i.e. their domain is added to your organisation), then you can choose to have an SSO enforced for their domain, independent of the one enforced on employees.
What's new?
Podio supports Single Sign On today via Google and O365, but it is a voluntary option at the discretion of the users. As a user (employee or external), you can choose either to enter your username and password or to log in via Google/O365 SSO with your Podio registered email id. This new feature allows admins to put an organisation-level mandate on employee users. This ensures that if a user is logging into Podio with a valid SSO (as per the mandate), they are a valid employee of the organisation with their credentials active with the identity provider.
Details about SSO Configuration for Podio have been updated in our help centre: Single Sign On (SSO) Configuration
Please reach out to our team here in case of any further queries.
//Pallabi - Podio Product Manager