Setting up users for single sign-on authentication
In their user profiles, you’ll need to assign them SSO authentication and, if you’re using an authentication provider, an authentication ID that maps to the user’s identity in the provider application.
To do this:
- Go to Administration > Employees and Organization > Users.
- Select the user’s name, or click Add User.
- On the main user profile page, from the Authentication Type field, select SSO.
An Authentication ID field displays. If you’re editing an existing user, this field will automatically populate with their login name, though you can modify this value, if necessary.
This field only applies to authentication providers – you can leave it blank for SAML.
- If you’re using an authentication provider, enter the user’s name as formatted in the provider application in the Authentication ID
This mapping will allow the user to be identified in the provider app, and be authenticated correctly. You should be able to find what field to map in the provider application’s documentation for OpenID Connect.
This field will be filled automatically if you’re already using Google or Intuit SSO with Polaris.
Users can now log in to Polaris using SSO. If you’re using SAML, you’ll need to supply them with a link to use to log in. If they’re using an authentication provider, they can use the credentials for that provider, via our login page.
If an employee is using a provider other than Google or Intuit, you’ll need to let them know they must log in using our alternate login option that supports multiple SSO options, accessed by clicking the the Try our new login page link located above the login fields. All other users can continue to use the old login page.
You can mass edit the Authentication Type field. If you change this to SSO via mass edit, the Authentication ID for all users will be set to their login name. If you need to change that field to something different, you’ll have to update it one user at a time.