What is SAML?
Security Assertion Markup Language, or SAML, is an authentication standard that allows a unified identity platform, like Okta or Azure, to authenticate users in lieu of a typical username and password. After Filevine’s SAML integration is configured for a tenant, tenant members can log in using their SSO credentials, eliminating the need to remember yet another password.
To have Filevine’s SAML enabled, reach out to your account manager.
Filevine SAML is meant to be set up and maintained by a seasoned IT professional. Filevine provides only limited support in setting up the SSO connection, and does not provide support after the SSO connection is set up.
Note: SAML can sometimes be used to facilitate provisioning of permissions in an application. In other words, in some SAML implementations, the identity platform admin could control application permissions from the identity platform side. At this time, Filevine SAML only serves as a method of authentication, and any additional permissions will need to be granted within Filevine.
User Experience
Once Filevine SAML is enabled for a tenant, a “Sign in with [Provider Name]” button will appear on the tenant login screen. Clicking the button will direct the user to the login screen for the customer’s SSO provider.
Once the user has been authenticated, they will be redirected to Filevine, logged in. If a user has already logged in to the company’s SSO on their browser, they’ll be logged in immediately after pressing the SSO button.
Creating New Users
Filevine SAML connects SSO users with Filevine users via their email addresses. When a user logs in via SSO, Filevine searches for an existing user with a corresponding email address and then logs that user in.
If a user has been assigned the Filevine application on the SSO, and the user does not have a Filevine account, a Filevine user will be created automatically upon first login. If you have only one Org, the new user will also be automatically added to your Org. Any additional permissions, like access to actual projects in Filevine, can be granted after the user has been created.
Changing Email Addresses
Note that users are able to log in to Filevine if their SSO record email corresponds to a user’s email in Filevine. At this time, email address changes are not synchronized between systems, so users can get locked out if they change their email address. If an email address has been changed and the user is locked out, simply change it back to the original email value to re-establish SSO login. If an email address needs to be changed, we recommend changing it on the SSO side first, and then in Filevine.
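Because accounts are linked only by email address and changes are not synchronized, an admin can periodically compare the two user lists to catch drift before it causes a lockout or an unintended auto-created account. The script below is an added example, not Filevine's code: the CSV exports, their column names, and the sample addresses are constructed, and since this article does not say whether the email match is case-sensitive, case-only differences are flagged for review rather than treated as matches.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a real
# Filevine or identity-provider export format.
IDP_EXPORT = """email,assigned_app
alice@example.com,filevine
Bob@Example.com,filevine
carol.new@example.com,filevine
dave@example.com,filevine
"""
APP_EXPORT = """email,status
alice@example.com,active
bob@example.com,active
carol@example.com,active
"""

def load_emails(csv_text, column="email"):
    """Return the set of non-empty, whitespace-trimmed emails in a CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {(row.get(column) or "").strip() for row in reader} - {""}

def reconcile(idp_emails, app_emails):
    """Classify addresses by how they line up between the SSO side and the app."""
    exact = idp_emails & app_emails
    idp_left = idp_emails - exact
    app_left = app_emails - exact
    # Pair leftovers that differ only by letter case.
    app_folded = {e.casefold(): e for e in app_left}
    case_only = sorted(
        (i, app_folded[i.casefold()]) for i in idp_left if i.casefold() in app_folded
    )
    paired_idp = {i for i, _ in case_only}
    paired_app = {a for _, a in case_only}
    return {
        "matched": sorted(exact),        # SSO login resolves to the existing user
        "case_only": case_only,          # same address, different case: review
        # Assigned on the SSO side with no app user: created on first login.
        "idp_only": sorted(idp_left - paired_idp),
        # App user with no SSO record: possible lockout after an email change.
        "app_only": sorted(app_left - paired_app),
    }

if __name__ == "__main__":
    report = reconcile(load_emails(IDP_EXPORT), load_emails(APP_EXPORT))
    for category, entries in report.items():
        print(f"{category}: {entries}")
```

An address in `idp_only` that sits next to a similar one in `app_only` (here the two "carol" entries) usually means the email was changed on one side only.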
Account Manager Tool
In the Account Manager tool, Account Admins can manage their users’ access, including disabling MFA, setting temporary passwords, and disabling and enabling other users. They can also view user authentication activity, like attempted sign-ins and forgot-password requests.