SSO: Difference between revisions
From Planfix
No edit summary |
|||
| Line 25: | Line 25: | ||
:Note that SCIM-Provisioning is available for providers [[Okta]] and [[Microsoft Entra|Entra]]. | :Note that SCIM-Provisioning is available for providers [[Okta]] and [[Microsoft Entra|Entra]]. | ||
'''JIT-Provisioning''' — automatic account creation upon first login. | |||
* If an employee logs in to Planfix via SSO for the first time and does not yet have an account, the system will create it automatically. All data will be pulled from the SSO provider—nothing needs to be entered manually. | |||
* If an employee is disabled (deactivated) and only JIT is enabled (SCIM is not enabled), the following occurs: | |||
**''' What happens''': nothing changes automatically in Planfix. The account remains “active.” | |||
**''' Login''': via SSO, the employee will not be able to log in (they were disabled in the IdP—the service that verifies the employee’s identity). | |||
*** If '''Auth Only SSO = off''' and other login methods are allowed, they can log in using an alternative method (login/password, etc.). | |||
*** If '''Auth Only SSO = on''', login is completely closed (but the account in Planfix will still be listed as active). | |||
**''' Subscription and seats:''' the seat is not freed automatically. | |||
**''' What the administrator must do''': manually deactivate the employee in Planfix to free up the seat/license. | |||
**''' Data''': history is preserved. | |||
Revision as of 08:25, 3 October 2025
Single Sign-On (SSO) allows users to log in to Planfix using their corporate account. SSO simplifies authorization and increases security when working in the system.
Benefits of Use
- Simplified login — users access all corporate services, including Planfix, with a single account.
- Enhanced security — login is only possible through a corporate provider with established security policies.
How to Connect
- SSO setup is performed by the Primary Account Admin.
- Go to Account Management — Integrations — Single Sign-On.
- Select the required provider and activate it.
- Add the necessary parameters in the settings.
- Save the settings and perform an authorization test.
Important: Proper SSO operation requires prior configuration on the provider’s side.
Supported Providers
Concepts
SCIM-Provisioning — centralized employee management. This standard automatically creates, updates, and disables accounts in Planfix. All changes come directly from the SSO provider.
- If an employee logs in to Planfix via SSO for the first time and does not have an account, the system will create it automatically. All data will be pulled from the SSO provider—nothing needs to be entered manually.
- If an employee is deactivated in SSO, their account will also be automatically deactivated in Planfix.
JIT-Provisioning — automatic account creation upon first login.
- If an employee logs in to Planfix via SSO for the first time and does not yet have an account, the system will create it automatically. All data will be pulled from the SSO provider—nothing needs to be entered manually.
- If an employee is disabled (deactivated) and only JIT is enabled (SCIM is not enabled), the following occurs:
- What happens: nothing changes automatically in Planfix. The account remains “active.”
- Login: via SSO, the employee will not be able to log in (they were disabled in the IdP—the service that verifies the employee’s identity).
- If Auth Only SSO = off and other login methods are allowed, they can log in using an alternative method (login/password, etc.).
- If Auth Only SSO = on, login is completely closed (but the account in Planfix will still be listed as active).
- Subscription and seats: the seat is not freed automatically.
- What the administrator must do: manually deactivate the employee in Planfix to free up the seat/license.
- Data: history is preserved.