Using Single Sign On (SSO) with Dado
- Why set up SSO with Dado?
- How Dado's SSO functionality works
- How to switch on SSO access for employees' personal Experience pages
- SSO providers currently supported
Why set up Single Sign On (SSO) with Dado?
Logging into Dado with your organization's SSO system adds an additional level of security. Dado's Admin app will store personally identifiable information about employees, such as their name and email address, as well as other data selected by you. Access to this data within the Admin app is controlled by permissions – but SSO helps to ensure there is no unauthorized access to this data.
How Dado's SSO functionality works
Dado distinguishes two types of logins: Administrator accounts (who manage Dado via https://app.dadohr.com) and your employees (who access their personal experience pages via https://mydadohr.com).
Activating SSO for Admin users (both Account Adminstrators and Experience Managers) means that they will have to confirm their identity with SSO when logging into the Admin interface, where they create/manage experiences, manage data in Dado and view reporting.
You also have the option of requiring employees to log in via SSO for some or all of your Experiences. For instance, you might require SSO for your onboarding and offboarding Experiences, but have less sensitive Experiences that do not require SSO.
Please note: it is not currently possible to require SSO only for employees. You can only switch on SSO for all employees if it's already switched on for Admin users
How to switch on SSO access for employees' personal Experience pages
Time required: 1 minute
Pre-requisites: SSO is already switched on for Admin users
Go to the Edit mode of that Experience and select Basics from the left-hand navigation
At the bottom of this screen you will see some Access and Security settings, with a toggle to switch on SSO
Once you have turned on SSO, you have 3 options:
- Require SSO always
- This option is best suited for all experiences apart from pre- and onboardings
- Require SSO from the first day at work
- This option works well for onboardings, where the new hire will not have access to your organization's SSO until their first day at work
- Require SSO after the first day at work
- Put another way: employees will not need to use SSO until their second day at work
- This option works well for onboardings, where new hires might not set up SSO until later in their first day at work. With this option, they will still be able to access messages and complete tasks on their first day before their SSO set up is complete.
For the last two options, employees who are in the pre-SSO-required period will be able to access their personal Experience page via through short lived "magic links" sent directly to their emails.
SSO providers currently supported
Dado supports Single sign-on via the SAML 2.0 protocol. This enables you to use Dado's SSO whether you host your own SAML Identity Provider or use one of the common identity and access management tools based on this protocol – for instance Okta and One Login
You can find specific instructions on some providers at the links below:
We are always expanding our integration library so if you use another system, please get in touch to check if it is supported.
Need help setting SSO up? Get in touch with us at help@dadohr.com