New User Activation Workflows with SSO
When you have SSO configured and invite your users, there are different workflows to be aware of depending on your authentication settings.
The first step is to bulk invite your users from the People page. You can do this by selecting your Pending users, and then clicking “Send Invites”:
If you are allowing password logins…
Your authentication page should look like this:
When your users receive the invite, they will need to click “Accept Invite”. Because you are allowing password logins, they will be prompted to create a local password for Abacus. After they complete setup of their account, they will be able to login with your identity provider (Okta, Google, Azure, etc) and click on the Abacus tile to login. They will also be able to login with their local password and email address.
If you are only allowing SSO logins…
If you have not selected to allow password logins, your Authentication page should look like this:
Users need to be invited to Abacus from the People tab, and they still need to click to “Accept Invite” in the email to activate their account. This will take them to a page that shows they have been invited to join Abacus via the Identity Provider:
After activating, users should go to the identity provider website, meaning they should go to OneLogin, or Azure, or Google. Then they should click on the tile for the Abacus app that has been created. This will log them into Abacus.
For the mobile app, for the first login, you will need to go through your identity provider as well. Open your identity provider through either the identity provider’s mobile app, or through the web on mobile. Then open Abacus from the identity provider.