This article provides guidance around managing your team, Single SIgn On (SSO), and other settings.
You can find your account settings by clicking on your profile picture in the bottom left corner.
There you will find the following sections:
- Your Profile: Here, you can update your name, password, and your profile photo
- Your Team: This is where you can invite your colleagues to your account, manage their permissions (if you're an administrator), enable Single Sign On, and more
- Stats: This section shows an activity feed within your account - how many documents are being synchronized every hour, how your rules are doing, and all the interactions between members of your team
- Shared history: This section helps you manage all shared items, review access requests, and list all shared documents, projects, etc. Read more here.
How to add users to your account
✨ Magic invite link
Each EnjoyHQ team has a unique invite link assigned. Grab the link and share it with your colleagues - once they go to the sign-up page, they can join your account immediately by providing their name, email, and password.
All administrators in the account will be notified whenever a new team member joins via the magic link.
📧 Inviting via email
Adding a team member couldn't be simpler! Complete the following steps:
- Select "Your team" from the user menu by clicking your avatar in the bottom left of the app
- Select "Invite via email" option
- Enter the name, email address, and the permission role you want to assign.
- Hit "Invite".
Your teammate will receive an email prompting them to set a password and activate their EnjoyHQ account.
Happy collaboration! 🙌
Single Sign On
You can greatly simplify how your colleagues join and access your EnjoyHQ data by setting up SSO. This frees you from sending out invites and managing access to most resources.
We offer a set of different Single Sign On options, which you can configure yourself
- Google SAML (G-Suite)
- Azure AD
- AD FS
- generic SAML 2.0
To link EnjoyHQ and your Google Apps account, go to the team management section and navigate to the Single Sign On option. Then, click on "Configure SSO". From there, follow the steps in the configuration wizard:
Example setup: Okta
When setting up Okta, all you will need is the SSO configuration. The fastest way is to export the IDP.xml file from your Okta settings - read more about it here. When ready, click on the "Configure SSO" button and follow the steps:
Example setup: Google G-Suite
Once you click on "Configure SSO," select "Google" and enter all domains which are linked to your G-Suite organization:
From now on, any colleague from your team can sign in via the configured SSO option. All they have to do is to "Login with SSO" and input your company's domain, as configured in the Setup step:
Removing a team member
If you need to remove someone from your account, you can do so by clicking the trash can next to their email address in the Team Members section of your Team Settings.
Users who are removed won't be able to sign-in again, be invited again, or open a brand new EnjoyHQ account. If SSO is configured, deleted users won't be able to sign in.
Please refer to the roles and permissions page.
Transferring account ownership
EnjoyHQ doesn't have a concept of an account owner. Anybody with the "administrator" role can manage all aspects of the account.
To transfer ownership of an account, the present account administrator has to grant the administrative role to another user, which will turn the original admin into a read-only user or remove the original admin's user account.
In case your account has no administrative seats available - invite the new owner as a read-only user, get in touch with our support, and let us know the email addresses of the current and new admins, we will transfer the roles for you.
- Can I connect more than one SSO option (e.g., Okta and Google G-Suite)?
No, only one connection can be active at a time.
- Do you support generic SAML 2.0 for SSO?
Yes, the SSO setup wizard will guide you through SAML 2.0 setup
- Do I have to invite users if SSO is configured?
No - anybody in your configured Sign-On directory can just sign up without a prior invitation. By default, their permission level will be set to read-only and can be changed later.
While the email invite and magic link options are still available if you'd like to add users outside of your organization, bear in mind that if you have invited a user from your team and they try to sign-in while the invitation is pending - they won't be able to sign in until they accept the invitation.
- What happens when a new team member signs in via SSO?
If a new user joins your team by signing in via SSO the following happens:
- a new user is created in your team
- their permission is set to read-only
- their user record by default will have password authentication disabled, but it can be enabled if they choose to switch to "email & password" login and reset their password
If a user was added to your team prior to enabling SSO, they can still use it to log in, assuming their email address is the same in your identity provider (Google G-Suite, Okta, etc.)
- How are EnjoyHQ users linked to users signing in via SSO?
SSO matches users via their email address, so if your (as an example) G-Suite email is email@example.com and you've signed up with that email address - then signing in via SSO will work out of the box. If the emails are not matched (for example, in G-Suite, your email address is firstname.lastname@example.org), we will create a new team member with the email provided by the SSO endpoint and grant them a read-only role. The only way to log in to your original user account is by providing email & password.
This is sometimes undesirable, so please reach out to us, and we can update the emails for you to match the existing user in Enjoy to the one in your SSO provider.
- Does the SSO support attributes or groups assigned by the identity provider?
No, SSO is used only for signing in. EnjoyHQ account administrators are responsible for assigning and controlling user roles from within EnjoyHQ.
- What happens to a person who is removed from our identity provider? Do they get deleted from EnjoyHQ automatically?
No, since access to SSO is revoked this person won't be able to sign in anymore, and has to be removed manually from EnjoyHQ.
- How can I bypass SSO and log in with email and password?
Sometimes SSO setup can go wrong, so you might need to bypass single-sign on to fix it or remove the connection. To do so, go to the sign in page, do not try to sign-in and click on the "do you need to log in with email & password" link first.
Now the form will allow you to input your email and password. If you don't know it or lost it, you'll have to go through the password reset process first.
Please provide any feedback you have on this article. Your feedback will be used to improve the article and should take no more than 5 minutes to complete. Article evaluations will remain completely confidential unless you request a follow-up.