Using Single Sign On (SSO) with Dado

• Why set up SSO with Dado?
• How Dado's SSO functionality works
• How to switch on SSO access for employees' personal Experience pages
• SSO providers currently supported
• Setting up Microsoft Entra SSO (aka Azure SSO)

Why set up Single Sign On (SSO) with Dado?

Logging into Dado with your organization's SSO system adds an additional level of security. Dado's Admin app will store personally identifiable information about employees, such as their name and email address, as well as other data selected by you. Access to this data within the Admin app is controlled by permissions – but SSO helps to ensure there is no unauthorized access to this data.

How Dado's SSO functionality works

Dado distinguishes two types of logins: Administrator accounts (who manage Dado via https://app.dadohr.com) and your employees (who access their personal experience pages via https://mydadohr.com).

Activating SSO for Admin users (both Account Adminstrators and Experience Managers) means that they will have to confirm their identity with SSO when logging into the Admin interface, where they create/manage experiences, manage data in Dado and view reporting.

You also have the option of requiring employees to log in via SSO for some or all of your Experiences. For instance, you might require SSO for your onboarding and offboarding Experiences, but have less sensitive Experiences that do not require SSO.

How to switch on SSO access for employees' personal Experience pages

Go to the Edit mode of that Experience and select Basics from the left-hand navigation

At the bottom of this screen you will see some Access and Security settings, with a toggle to switch on SSO

Once you have turned on SSO, you have 3 options:

1. Require SSO always
   • This option is best suited for all experiences apart from pre- and onboardings
2. Require SSO from the first day at work
   • This option works well for onboardings, where the new hire will not have access to your organization's SSO until their first day at work
3. Require SSO after the first day at work
   • Put another way: employees will not need to use SSO until their second day at work
   • This option works well for onboardings, where new hires might not set up SSO until later in their first day at work. With this option, they will still be able to access messages and complete tasks on their first day before their SSO set up is complete.

For the last two options, employees who are in the pre-SSO-required period will be able to access their personal Experience page via through short lived "magic links" sent directly to their emails.

SSO providers currently supported

Dado supports Single sign-on via the SAML 2.0 protocol. This enables you to use Dado's SSO whether you host your own SAML Identity Provider or use one of the common identity and access management tools based on this protocol – for instance Okta.

We also have a separate integration for Microsoft's SSO system, described below.

We are always expanding our integration library so if you use another system, please get in touch to check if it is supported.

Need help setting SSO up? Get in touch with us at help@dadohr.com

Setting up Microsoft Entra SSO (aka Azure SSO)

1. Accept the Dado invitation via email

Your Dado Success Manager will trigger an invitation to set up a Dado account. This will be sent to your email account.

Click the button to accept the invitation.

2. Log in to Dado via your Microsoft account

You will be redirected to a Dado page where you are asked to confirm your email address.

After this, you'll be asked to log in with your Microsoft account.

3. Accept the Dado permissions request

After logging in with Microsoft, you will see a Permissions request generated by Microsoft.

Click the "Accept" button.

4. [Optional] Switch on SSO for employees

Go to Settings > Integrations and click on the Microsoft SSO card.

Turn on the toggle for Employees. Please note, this can take a few seconds to confirm, due to slow responses from the Microsoft API.