Manage your team, Single Sign On (SSO) and other settings

Learn how to manage your team, Single Sign On (SSO), and other settings on the EnjoyHQ platform.

 

This article applies to: EnjoyHQ

 


Account settings

Find your account settings by clicking on your profile picture in the bottom left corner.


 

There you will find the following sections:

  1. Your Profile: Update your name, password, and your profile photo.
  2. Your Team: Invite your colleagues to your account, manage their permissions (if you're an administrator), enable Single Sign On, and more.
  3. Stats: View the activity feed within your account: how many documents are being synchronized every hour, how your rules are doing, and all the interactions between members of your team.
  4. Shared history: Manage all shared items, review access requests, and list all shared documents, projects, etc. Read about sharing data and insights.

 

Add team members

Using the Magic Invite Link

These steps are only available to Owners of the account. 

  1. Access your EnjoyHQ team's unique "magic invite link."
  2. Copy the link and share it with your team.
  3. Your team members will provide their name, email, and password.

 

Notes:

  • All users who join this way will have read-only permissions assigned; therefore, you won't be charged for them.
  • All administrators in the account will be notified whenever a new team member joins via the magic link.
  • If you do not recognize a new team member, you can remove them from your account and refresh the invite link so that the previous one cannot be used anymore.

 

 

Add team members via email invite

  1. Click on your avatar in the bottom left corner.
  2. Select Your team from the user menu.
  3. Enter the name, email address, and the permission role you want to assign.
  4. Click Invite. Your teammate will receive an email prompting them to set a password and activate their EnjoyHQ account.

 

 

Single Sign-On (SSO) setup

  • SSO frees you up from sending out invites and managing access to most resources.
  • It is provided free of charge for all accounts, except for the Start plan (Free).
  • Here are the different SSO options you can configure:
    • Google SAML (G-Suite)
    • Okta
    • Azure AD
    • AD FS
    • OneLogin
    • generic SAML 2.0

 

SSO and security

  • All SSO options are powered by WorkOS, an enterprise-grade SSO connector.
  • WorkOS stores only the details necessary to initiate a delegated authentication flow. They do not store any of your credentials or user information but simply act as a means of simplifying authentication.
  • You can learn more about WorkOS' security here.

 

SSO Google Apps account setup

  1. Go to the team management section.
  2. Navigate to the Single Sign On option.
  3. Click Configure SSO.
  4. Follow the steps in the configuration wizard.

 

SSO Okta setup

  1. Export the IDP.xml file from your Okta settings.
  2. Click the Configure SSO button.
  3. Follow the steps in the configuration wizard.

 

SSO Google G-Suite setup

  1. Click on Configure SSO.
  2. Select Google.
  3. Enter all domains that are linked to your G-Suite organization.

 

 

Signing in

From now on, any colleague from your team can sign in via the configured SSO option. All they have to do is choose "Login with SSO" and enter your company's domain, as configured in the setup step.

 

 

Remove a team member

  1. Go to Team Settings.
  2. Navigate to the Team Members section.
  3. Click the trash can icon next to the email address of the team member you wish to remove.
  4. Click Delete to confirm your choice.

 

Notes:

  • Users who are removed won't be able to sign in again, be invited again, or open a brand new EnjoyHQ account.
  • If SSO is configured, deleted users won't be able to sign in.
  • Removing a team member will not delete any data they have added or created in your account.
    • Instead, their projects, stories, etc. will still be present, and the author will be denoted as "deleted."

 

 

User permissions: Transfer account ownership

Please refer to the roles and permissions page.

  • EnjoyHQ doesn't have a concept of an account owner. Anybody with the "administrator" role can manage all aspects of the account.
  • To transfer ownership of an account, the present account administrator has to grant the administrative role to another user.
    • This will turn the original admin into a read-only user or remove the original admin's user account.
  • In case your account has no administrative seats available, invite the new owner as a read-only user, get in touch with our Support team, and let us know the email addresses of the current and new admins. We will transfer the roles for you.

 

 

FAQ

Can I connect more than one SSO option (e.g., Okta and Google G-Suite)?

No, only one connection can be active at a time.

 

Do you support generic SAML 2.0 for SSO?

Yes, the SSO setup wizard will guide you through SAML 2.0 setup.

 

Do I have to invite users if SSO is configured?

No. Anybody in your configured Sign-On directory can just sign up without a prior invitation. By default, their permission level will be set to read-only and can be changed later.

The email invite and magic link options are still available if you'd like to add users outside of your organization. However, keep in mind that if you have invited a user from your team and they try to sign in while the invitation is pending, they won't be able to sign in until they accept the invitation.

 

What happens when a new team member signs in via SSO?

If a new user joins your team by signing in via SSO, the following happens:

  • A new user is created on your team.
  • Their permission is set to read-only.
  • Their user record by default will have password authentication disabled, but it can be enabled if they choose to switch to "email & password" login and reset their password.

If a user was added to your team prior to enabling SSO, they can still use it to log in, assuming their email address is the same in your identity provider (Google G-Suite, Okta, etc.).

 

How are EnjoyHQ users linked to users signing in via SSO?

SSO matches users via their email addresses. For example, if your G-Suite email is jenny@example.com, and you've signed up with that email address, signing in via SSO will work out of the box.

If the emails are not matched (for example, in G-Suite, your email address is jenny.doe@example.com), we will create a new team member with the email provided by the SSO endpoint and grant them a read-only role. The only way to log in to your original user account is by providing email & password.

This is sometimes undesirable, so please reach out to our Support team, and we can update the emails for you to match the existing user in EnjoyHQ to the one in your SSO provider.

 

Does the SSO support attributes or groups assigned by the identity provider?

No, SSO is used only for signing in. EnjoyHQ account administrators are responsible for assigning and controlling user roles from within EnjoyHQ.

 

What happens to a person who is removed from our identity provider? Do they get deleted from EnjoyHQ automatically?

No. Since access to SSO is revoked, this person won't be able to sign in anymore and has to be removed manually from EnjoyHQ.
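Because removal from the identity provider does not delete the EnjoyHQ member, and because members are matched to SSO identities by email only, a periodic reconciliation of the two lists is a useful check. The following is an added example, not EnjoyHQ code: it assumes you have assembled both lists yourself (the field names, sample addresses, and the first-name similarity heuristic are constructed for illustration, and no EnjoyHQ or WorkOS API is used).

```python
import re

# Constructed sample data: team members copied by hand from the Team Members
# list, and the addresses currently active in the identity provider.
MEMBERS = [
    {"email": "jenny@example.com", "role": "administrator"},
    {"email": "jenny.doe@example.com", "role": "read-only"},
    {"email": "Sam@Example.com", "role": "read-only"},
    {"email": "former.employee@example.com", "role": "administrator"},
    {"email": "contractor@partner.test", "role": "read-only"},
]
IDP_EMAILS = ["jenny.doe@example.com", "sam@example.com"]

def _norm(email):
    # Assumption: addresses are compared case-insensitively for this audit.
    return email.strip().lower()

def _key(email):
    # First token of the local part plus the domain, e.g. ("jenny", "example.com").
    local, _, domain = _norm(email).partition("@")
    return re.split(r"[._+\-]", local)[0], domain

def audit_members(members, idp_emails):
    idp = {_norm(e) for e in idp_emails}
    idp_domains = {e.partition("@")[2] for e in idp}
    report = {"remove_manually": [], "possible_mismatch": [], "external": []}
    for m in members:
        email = _norm(m["email"])
        if email in idp:
            continue  # SSO sign-in maps onto this member by email
        if _key(email)[1] not in idp_domains:
            # Invited by email or magic link from outside the SSO directory.
            report["external"].append((email, m["role"]))
            continue
        similar = sorted(e for e in idp if _key(e) == _key(email))
        if similar:
            # Likely the pre-SSO account of someone whose IdP address differs.
            report["possible_mismatch"].append((email, m["role"], similar))
        else:
            # No longer in the IdP: not deleted automatically.
            report["remove_manually"].append((email, m["role"]))
    return report

if __name__ == "__main__":
    for category, rows in audit_members(MEMBERS, IDP_EMAILS).items():
        print(category, rows)
```

Entries under `possible_mismatch` are candidates for the email update that Support can perform; entries under `remove_manually` that hold the administrator role deserve review first.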

 

How can I bypass SSO and log in with email and password?

Sometimes SSO setup can go wrong, so you might need to bypass SSO to fix it or remove the connection. To do so, follow these steps:

  1. Go to the sign-in page.
  2. Click on the "do you need to log in with email & password" link.
  3. Input your email and password. If you don't know it or lost it, you'll have to go through the password reset process first.

 

 
