SSO

From Planfix
Revision as of 11:01, 3 October 2025 by Dmitri (talk | contribs) (→‎Important)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Single Sign-On (SSO) allows users to log in to Planfix using their corporate account. SSO simplifies authorization and increases security when working in the system.

Benefits of Use

  • Simplified login — users access all corporate services, including Planfix, with a single account.
  • Enhanced security — login is only possible through a corporate provider with established security policies.

How to Connect

  • SSO setup is performed by the Primary Account Admin.
  • Go to Account Management — Integrations — Single Sign-On.
  • Select the required provider and activate it.
  • Add the necessary parameters in the settings.
  • Save the settings and perform an authorization test.

Important: Proper SSO operation requires prior configuration on the provider’s side.

Supported Providers

Concepts

SCIM-Provisioning — centralized employee management. This standard automatically creates, updates, and disables accounts in Planfix. All changes come directly from the SSO provider.

  • If an employee logs in to Planfix via SSO for the first time and does not have an account, the system will create it automatically. All data will be pulled from the SSO provider—nothing needs to be entered manually.
  • If an employee is deactivated in SSO, their account will also be automatically deactivated in Planfix.
Note that SCIM-Provisioning is available for providers Okta and Entra.


JIT-Provisioning — automatic account creation upon first login.

  • If an employee logs in to Planfix via SSO for the first time and does not yet have an account, the system will create it automatically. All data will be pulled from the SSO provider—nothing needs to be entered manually.
  • If an employee is disabled (deactivated) and only JIT is enabled (SCIM is not enabled), the following occurs:
    • What happens: nothing changes automatically in Planfix. The account remains “active.”
    • Login: via SSO, the employee will not be able to log in (they were disabled in the IdP—the service that verifies the employee’s identity).
      • If Auth Only SSO = off and other login methods are allowed, they can log in using an alternative method (login/password, etc.).
      • If Auth Only SSO = on, login is completely closed (but the account in Planfix will still be listed as active).
    • Subscription and seats: the seat is not freed automatically.
    • What the administrator must do: manually deactivate the employee in Planfix to free up the seat/license.
    • Data: history is preserved.

Important

  • When the Auth Only SSO (Authentication only via SSO) setting is enabled, employees will only be able to log in to the Planfix account via SSO, except for those who are allowed all authorization methods. The Primary Account Admin has access to all authorization methods, even when this option is enabled.
  • When creating an employee in Planfix via JIT Provisioning or SCIM Provisioning, if the employee limit in the package is reached, the subscription will be automatically expanded — additional employees will be added at the expense of reducing the overall paid subscription period for the account.
  • If an employee is deactivated via SCIM Provisioning, the number of paid additional seats in the subscription is automatically reduced.


Go To

Retrieved from "http://planfix.com/help/index.php?title=SSO&oldid=26698"