FAQ for Single Sign-On Version 1
Modified on: Mon, 13 Sep, 2021 at 2:20 PM
Note: Siteimprove has upgraded their Single Sign-on (SSO) solution.
The new SSO version supports SHA-256 and is easier to configure and manage.
An FAQ relating to Version 2 of SSO is available here: SSO V2 FAQ.
Is Secure Hash Algorithm-256 (SHA-256) supported by Siteimprove SSO?
Siteimprove is in the process of upgrading their Single Sign-on (SSO) solution.
The new SSO version supports SHA-256 and is easier to configure and manage. SSO v1 does not support SHA-256.
If you would like help configuring the new SSO solution for your organization, or if you are using our previous SSO solution and would like to upgrade, please contact our Siteimprove SSO team at this email address: firstname.lastname@example.org.
Where can users log into Siteimprove after SSO has been enabled?
There are three options for logging into Siteimprove via SSO:
- All SSO users (created before SSO was enabled or with Just-In-Time provisioning) can continue logging in via the normal Siteimprove login form. When using this method, the user only needs to enter an email address – no password. Once the user clicks "Sign-In" they will be automatically redirected to your SSO authentication.
- Siteimprove will provide a login URL once you have enabled SSO. This login URL can be found in Settings > Single Sign-On.
- You can create your own access link/button for your users.
Why can new users not log in using the Siteimprove login form?
New users need to use the SSO link, as indicated in the image above, or their own SSO solution's login the first time they log in. Afterwards they may log in using the normal Siteimprove login form.
How do users get added using SSO?
New users are created with Just-in-Time provisioning. Once a new user logs into Siteimprove via your SSO link, they will immediately be added as a Siteimprove user, with the access level designated in your default user profile.
How do I edit the default user profile?
You can configure your Just-in-Time user template to create a default role and access rights. This is defined under Siteimprove > Settings > Single Sign-On > Users: Just-in-Time Provisioning once SSO has been enabled. All users added via SSO will default to these settings.
How can I edit a user's settings once they log in via SSO?
Account Owners or Administrators are able to edit access rights for individual users as needed from Settings, located next to your username at the top of the user interface.
Can I manually add users to Siteimprove after implementing SSO?
No. You will only be able to add new users via SSO once it has been enabled.
What happens to our existing users and their settings once we configure SSO for our account?
All existing users will be able to log in via SSO. If a user needs to log in via the login credentials, then the login-method should be set to "local account" in Manage Users for that particular user. All user settings (site/group access, scheduled reports, etc.) will remain the same. The login method is the only thing that will change.
Who will be able to log into Siteimprove via our SSO?
Any users given SSO access to Siteimprove will be able to log in. There is currently no way to restrict Siteimprove access to specific SSO users from within Siteimprove.
If I remove a user in our SSO app, are they also removed from Siteimprove?
Once a user has been removed from your SSO app, they will no longer have access to Siteimprove. You can also revoke a user's access rights (by deselecting the access box) from User Settings. This will not prevent them from logging in, but it will prevent them from seeing anything once they are in the subscription. If you also want to remove their information from Siteimprove, you can do so by clicking on the settings icon > Manage users, then options and delete user to the right of the user table. However, if a removed user attempts to log into Siteimprove again via SSO, they will be created "again" using Just-in-Time provisioning.
How do I disable SSO?
Please submit a Support ticket stating your request and the Siteimprove Support team will assist you.
How can I edit my SSO information (certificate, etc.)?
SSO needs to be disabled prior to making any adjustments (see question above). Once SSO has been disabled, log into Siteimprove via your old login credentials to make the appropriate changes. You can re-enable SSO once the updates have been made.
What should I do if my Identity Provider certificate expires?
If your Identity Provider certificate expires, carry out the following steps:
1. Contact Siteimprove Support to disable SSO.
2. Log into the Siteimprove platform directly, i.e. not using SSO (reset your Siteimprove password if necessary).
3. Navigate to Settings -> Single Sign-On and copy in the new certificate.
4. Click the green Save and Test button.
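Because recovery from an expired Identity Provider certificate requires Support to disable SSO first, it is worth catching the expiry before it happens. The script below is an added example, not Siteimprove code: it assumes the `openssl` CLI is installed and that the IdP signing certificate has been exported as a PEM file; the function names, file names and the 30-day warning window are illustrative.

```shell
#!/bin/sh
# Added example (not Siteimprove code). Assumes the openssl CLI is installed.

# Classify the PEM certificate in $1 against a warning window of $2 days
# (default 30). Prints OK, EXPIRING, EXPIRED or INVALID; returns 0 only for OK.
idp_cert_expiry() {
    pem=$1
    window_days=${2:-30}
    # Unreadable files and non-certificate input are reported, not ignored.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo INVALID; return 2; }
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 1
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend "$((window_days * 86400))" >/dev/null 2>&1; then
        echo EXPIRING; return 1
    fi
    echo OK
}

# Print one line per certificate: status, file name, notAfter date.
# Returns non-zero if any certificate is not OK, so it can gate a scheduled job.
idp_cert_report() {
    report_window=$1; shift
    rc=0
    for f in "$@"; do
        status=$(idp_cert_expiry "$f" "$report_window") || rc=1
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null | sed 's/^notAfter=//')
        printf '%s\t%s\t%s\n' "$status" "$f" "${end:-n/a}"
    done
    return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate written to $1,
# valid for $2 days. Only for trying the functions above.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=constructed-idp.example" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Usage: sh check_idp_cert.sh 30 idp-signing.pem [more.pem ...]
if [ "$#" -ge 2 ]; then idp_cert_report "$@"; fi
```

Run it on a schedule against the certificate currently configured under Settings -> Single Sign-On so that a replacement can be planned before the expiry date.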