Single Sign On within Genius

Single Sign On (SSO) allows users in your organization to sign in through your organization identity provider so they can use a common username/password with all of your organization's applications. This helps simplify the login and account management process for your users while ensuring compliance with your corporate security policies.

Common identity providers include:

  • Microsoft Entra ID (former Azure Active Directory)
  • Google SSO
  • Okta SSO
  • Amazon AWS
  • and many others

If you enable Single Sign On for your organization, all users within your organization will then be able to sign in via their SSO credentials. If these users had previously logged into Genius, once they sign in to SSO this will replace their prior login credentials. All your users need to do is enter their email on the Genius sign-in screen and, if SSO is enabled, they should be automatically re-directed to your SSO provider to login to Genius.

SSO Setup Guides

If you want to set up Single Sign On for your organization within Genius, we have several guides which will help you set up through our supported providers.

Microsoft Entra ID

Google SSO

Integrate to other providers via SAML

Account Login

To enable other accounts to continue functioning, you also have the option to enable the Account Login setting in the Login Options menu. If enabled, it allows accounts which are not in your SSO to continue functioning in Genius. Most often, these accounts are used for Admin accounts or Integrations to other systems.

You must ALWAYS have either Account Login or SSO enabled as one of the two methods is required to be able to sign in to Genius.

If you want your Genius to automatically forward your users to your SSO provider so they do not have to click on a “Login with SSO” button, then you will need to turn off Account Login.

Warning

If you disable Account Login it will remove all old passwords. If you re-enable Account Login later it will require a reset of all prior passwords. This is because once Account Login is disabled it is expected all users will be logging in through SSO and will no longer need their old Account Login passwords.

Do not turn off Account Login while testing out SSO unless you want passwords for all users to be reset.

 

 

Frequently Asked Questions:

  • What happens to Multi-Factor Authentication when I turn on SSO?
    • Multi-Factor Authentication will be disabled if you turn on SSO. Since your users will be logging in through their SSO credentials, MFA will need to be enabled through your identity provider
  • How do I get to the SSO login page?
    • By entering your email on the Genius login page, if you have turned Account Login off then your users will be automatically re-directed to your SSO provider.
    • If Account Login is on, then your users will need to click Sign in with SSO after entering their email to be brought to your SSO provider
  • Can I go back to Account Login after setting up SSO?
    • Yes, by disabling SSO you will be required to enable Account Login. See warning in Account Login section above, because by disabling Account Login the prior Account Login passwords will be wiped. 
  • When I've enabled SSO, how do I reset one of my user's passwords?
    • This would be handled through your identity provider as Genius will not store passwords for users logging in via SSO
  • Can I use providers other than Microsoft Entra ID and Google SSO?
    • Yes, any SSO provider that supports SAML 2.0 should work with Genius as an identity provider
  • Does SSO integration support user provisioning (SCIM or LDAP syncing)?
    • Not at this time

Give feedback about this article

Was this article helpful?

Have more questions? Submit a request

Updated:

December 14th, 2023

Author:

Curtis Foster

Updated By:

Curtis Foster

KB ID:

2275759

Page Views:

890

Tags:

single login, auth simplify, sso, single sign on, saml, account login

Can’t find what you’re looking for?

Contact our award-winning customer care team.