Skip to main content

Siteimprove SSO FAQ

Modified on: Wed, 28 Jun, 2023 at 1:20 PM

Where can users log into Siteimprove after SSO has been enabled?

There are three options for logging into Siteimprove via SSO:

  1. All SSO users (created before SSO was enabled or with Just-In-Time provisioning) can continue logging in via the normal Siteimprove login form. When using this method, the user only needs to enter an email address – no password. Once the user clicks "Sign-In" they will be automatically redirected to your SSO authentication.
  2. Siteimprove will provide a login URL once you have enabled SSO. This login URL can be found in Settings > Authentication and Security > Single-Sign-On.SSO link in platform
  3. You can create your own access link/button for your users. 

Why can new users not login using the Siteimprove login form?

New users need to use the SSO link as indicated above or their own SSO solution login the first time they log in. Afterwards, they may log in using the normal Siteimprove login form.

How do users get added using SSO?

There are two options:

  • New users are created in the platform via the Add User button under Manage Users.
  • Use Just-in-Time provisioning. Once a new user logs into Siteimprove via your SSO link, they will immediately be added as a Siteimprove user, with the access level designated in your default user profile.

What should I do if my Identity Provider certificate expires?

If your Identity Provider certificate expires carry out the following steps:

  • Log on using a Local account user. We recommend that you have at least one "Local account" user on your account for such situations.
  • Navigate to Settings > Authentication and Security > Single Sign-On.
  • Click on the "SSO Configuration" button.
  • Select either "Metadata URL" or "Manual setup" depending on your configuration and enter the details
  • Click the "Save and Validate Configuration" button.

Contact Siteimprove Technical Support if you need help with this.

How do I edit the default user profile?

You can configure your Just-in-Time provisioning default user profile as follows

  • Go to Siteimprove > Settings > Authentication and Security > Single Sign-On
  • Click the "Edit default settings for new SSO users" button on the bottom of the page
  • Edit and save the default SSO user settings

How can I edit a user's settings once they log in via SSO?

Account Owners or Administrators are able to edit access rights for individual users as needed from Settings, located next to your username at the top of the user interface.

Manage users link in platform top menu

Can I manually add users to Siteimprove after implementing SSO?

Yes. If you are using SSO v2 you can add users via the manage users table.

What happens to our existing users and their settings once we configure SSO for our account?

In order for existing users to log in via SSO, you will need to change the login type form local to SSO. You can do this on the Manage Users table as follows:

  • Go to Settings > Manage Users.
  • Select the users that should access the platform using SSO.
  • Click on the "Edit Login Method" button.
  • Select the "Single Sign-On" and "Save".

All user settings (site/group access, scheduled reports, etc.) will remain the same. The login method is the only thing that will change.

Edit login method

Who will be able to log into Siteimprove via our SSO?

Any users given SSO access to Siteimprove will be able to log in. There is currently no way to restrict Siteimprove access to specific SSO users from within Siteimprove.

If I remove a user in our SSO app, are they also removed from Siteimprove?

Once a user has been removed from your SSO app, they will no longer have access to Siteimprove. You can also revoke a user's access rights (by deselecting the access box) from User Settings. This will not prevent them from logging in, but it will prevent them from seeing anything once they are logged in.

If you also want to remove their information from Siteimprove, you can do so by clicking on the Settings > Manage users > Select the user and click the "Delete Users" button.

If a removed user attempts to log into Siteimprove again via SSO they will be created "again" using Just-in-Time provisioning.

 Delete a user

How do I disable SSO?

You can disable SSO by converting all users to local users rather than SSO users on the Manage users table.

  • Go to Settings > Manage Users.
  • Select all users using the checkbox at the top left of the table.
  • Click on the "Edit Login Method" button.
  • Select the "Local account" and "Save".

How can I edit my SSO information (certificate, etc.)?

  • Go to Siteimprove > Settings > Authentication and Security > Single Sign-On
  • Click on the "SSO Configuration" button.
  • Select either "Metadata URL" or "Manual setup" depending on your configuration and enter the details.

Note: We recommend that you use a metadata URL. With a metadata URL, your identity provider details will automatically be updated and maintained to avoid expired certificates that need updating.

Is Security Hash Algorithm-256 (SHA-256) supported by Siteimprove SSO?

Version 2 of Siteimprove SSO supports SHA‌-256 and is easier to configure and manage. SSO v1 does not support SHA-256.

Is encryption supported by Siteimprove SSO?

At the moment we do not support encryption. You need to disable encryption or set it as optional.

If you would like help to configure Siteimprove SSO for your organization, please contact Siteimprove Technical Support with your request.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.