Once SSO is setup on the system, users can be created via your active directory OR in the usual way. These users will likely already have login details for your organisation so they will use the same login credentials for MaxContact. You can have a mix of SSO and non SSO users who can login without issue.
SSO will mainly be configured by your internal IT team but there are some 'front end' areas to be aware of, namely the CTU page and the Permissions page of the portal.
CTU page
There are 2 additions to the CTU page to do with SSO. These are the tick box to set a user to use SSO and a button to switch local authentication off.
Single Sign-On tick box and user details
Should users be created via SSO and your active directory, they will appear in the CTU page with the tick box already assigned. Configuring users in this manner will only create the basic details of their login, first and last name, they will be made active and be assigned a role but will have defaults set for the other areas. See the table below.
CTU option | SSO assigned/not assigned |
First Name | Assigned by SSO |
Last name | Assigned by SSO |
Active | Assigned by SSO |
Photo | Not assigned by SSO |
Login | Assigned by SSO |
Default role | Assigned by SSO |
Web RTC* | Not assigned by SSO |
Extension | Not assigned by SSO |
Auto login to campaign | Not assigned by SSO |
Primary team* | Not assigned by SSO |
Capacity plan | Not assigned by SSO |
Single sign-on | Assigned by SSO |
Tags | Not assigned by SSO |
*WebRTC and Primary team can be automatically configured during onboarding.
Local authentication button
By clicking this button then confirming, SSO users will no longer be able to use standard authentication login options. This button is only available to users with the SSO Permission 'SSO Configuration Access' activated on their role.
Once this has been used, the buttons function changes to switch SSO off for all users.
Single Sign-On tick box and user details
Should users be created via SSO and your active directory, they will appear in the CTU page with the tick box already assigned. Configuring users in this manner will only create the basic details of their login, first and last name, they will be made active and be assigned a role but will have defaults set for the other areas. See the table below.
CTU option | SSO assigned/not assigned |
First Name | Assigned by SSO |
Last name | Assigned by SSO |
Active | Assigned by SSO |
Photo | Not assigned by SSO |
Login | Assigned by SSO |
Default role | Assigned by SSO |
Web RTC* | Not assigned by SSO |
Extension | Not assigned by SSO |
Auto login to campaign | Not assigned by SSO |
Primary team* | Not assigned by SSO |
Capacity plan | Not assigned by SSO |
Single sign-on | Assigned by SSO |
Tags | Not assigned by SSO |
*WebRTC and Primary team can be automatically configured during onboarding.
Local authentication button (Fig 2)
By clicking this button then confirming, users will be able to login using standard authentication e.g. Login & Password (Single Sign On (SSO) authentication will remain active during this time).
As users may not have a password set for standard authentication, you can use the password creator (template) to generate user specific passwords. This password will be sent to all users, however, using fillpoint will then customise it so everybody isn't given the same password.
Fill points available are the users login, first name, last name and the 5 custom data fields from the custom tab of each user. These are commonly only used for email signatures but can be used for this purpose also.
Custom data/fill points
Should you want to add custom fields, a member of the admin team with access to the Permissions page should give the chosen roles users, permission to customise the data fields.
Fig 3. Permission to add to sys admin to edit custom fields.
Fig 4. Custom attributes can be edited.
Changing the field names will apply to all users. This will not override what has been entered in the Field value column. These field values are where the fill points will pull data into the password creator mentioned above.
Password creator
By selecting the red button shown in fig 2 for local authentication, a dialogue box will appear where you can create a password to give to all users to login via the standard authentication method.
Fig 5. Create a new password to give to all staff but is also unique to that staff member.
The password can contain any words/letters combinations you like and to make them unique per person, you can use the fill points which relate to the custom data in fig 4 above.
Use case example
There's been an issue with SSO so the admin have disabled it on the portal. Passwords have been generated using the word 'password' followed by some fill points. The password everyone receives reads 'password.surname.postcode' as the admin staff used the fillpoint 'Last name' and a custom field which has the agents postcode as the custom data on each user can hold any information you want!
Once enabled, there will come a point where you will want to switch the option off. To do this, press the button (fig 2) which will allow you to disable standard authentication. On doing so, standard authentication will no longer be available to Single Sign On (SSO) users. Standard authentication will only be available to non Single Sign On (SSO) users.
Permissions page
As part of the SSO process when creating users, they are assigned roles outside of the portal. This means that once a user is classed as a SSO user, their roles cannot be changed within the portal.
On the permissions page, you will see a yellow icon with a padlock denoting that they have had their role(s) set as part of the SSO process. Should you wish to change this role, you will have to speak to your internal team handling your active directory.
You will also see a padlock icon next to any permission group/role, this means that the group has been mapped to a group via SSO.
It's worth noting that you can still change permissions within roles, new roles can also be created but don't forget these will also need to be set to a user via your active directory.