SSO: Communication recommendations for admins

This guide is intended for administrators who are enabling SSO. Before enabling SSO, we recommend reading our pre-configuration guide and FAQ and discussing the configuration options with other admin at your organization (if any). Once you’re ready to enable SSO for your organization, we recommend communicating with users who have access to manage users in Storable Edge and your employees about the upcoming change to prevent login issues and ensure a smooth transition.

What to tell your organization

Administrators

Users with access to Manage Users can enable SSO. If there are multiple users with this permission on your account, discuss the following:

  • Who will enable SSO. It is important that only one person enables and configures SSO. 
  • When you will enable SSO. 
  • Whether SSO will be required or optional for current users. Please note: New users will be required to use SSO.
  • Whether you’ll use your own company’s login credentials/domains to access SSO.
  • The settings and requirements you want to implement for user accounts and Multi-Factor Authentication. 

Non-admin users

Communicate the following to your employees before enabling SSO:

  • When you will enable SSO.
  • Why you chose to implement SSO. We’ve included a blurb in the communication template below, but we encourage you to make it specific to your organization.
  • Whether SSO is required or optional. If you choose to make SSO optional initially but will require it later, communicate that timeline.
  • Whether your users will have SSO login credentials or will use your own company’s login credentials/domains to access the software.
  • How to create their SSO User Account.
  • What email and username employees should use. The email and username will be the same for users with individual company email addresses.
    • If your employees will be using shared email addresses to log in:
      • Each employee who shares an email address will need to create a unique username. The username doesn’t have to be a valid email but must be formatted as an email address (Ex: john.doe@yourcompany.com). We recommend identifying the username format you wish your employees to use and communicating this to them.
      • Employees with a shared email may not be able to reset their passwords via email and may be required to contact an admin for a temporary password.
      • If employees with a shared email make too many login attempts, they will need to contact an admin to unlock their account.

         
  • Which Multi-Factor Authentication methods can be used. If using Google Authenticator or Okta Verify, you may want to encourage employees to download the app beforehand.
  • What lockout and re-authentication settings your organization will use.
  • If there were screens users previously accessed in Edge using Password Verification, they will now use a PIN. They will be prompted to set your desired PIN at first use.
  • Who at your organization to contact if they need help. Edge Support cannot assist with SSO log-in issues.

Communication template

We’ve included a template below that you can use to communicate with your team. However, we recommend customizing it for your organization. 

⚠️ Placeholder text is highlighted in red and should be replaced. Helper text is highlighted in yellow and indicates selections that should be made to align with your configuration settings.

Hi Team,

We are planning to implement SSO with Multi-Factor Authentication for our Edge software on [ENTER DATE YOU PLAN TO SET IT UP]. SSO utilizes Multi-Factor Authentication (MFA) for enhanced security to help protect our business against cyberattacks and to comply with PCI standards.

What does this mean for me?

When you log in to Edge on [DATE], you will be prompted to set up a SSO User Account to continue. You are or are not required to set up a SSO to log into your software on that date. Here are the details you’ll need to know about setting up your account:

  • If you do not utilize shared email at your organization, include this information: You will use your assigned email address ending in @yourdomain.com as your email address and username.
  • If you do share emails at your organization, such as a single store-level email, include this information: Please enter [store-level email address] as your email address. Create a username in the following format: firstname.lastname@[your domain.com]
  • If there were screens users previously accessed in Edge using Password Verification, include this information: You will now use a PIN to access password protected screens. You will be prompted to set your desired PIN at first use.

Multi-Factor Authentication:

  • Our organization requires [email, SMS, Google Authentication, Okta Authenticator, or Security Key or Biometric Authentication] for MFA. Edge has a helpful article with instructions to set up MFA: SSO Multi-Factor Authentication setup.
  • You will be required to reauthenticate with the MFA method every 14 days.
  • If you will be selecting “Yes, lock users out of failed attempts”: You will be locked out of Edge after [enter your lock-out policy for failed attempts] failed login attempts. If you are locked out, please contact [the admin’s name or names] to unlock your account. 

What should I do if I need help?

  • You can find instructions on how to create your user account in this Help Article: Setting up your SSO User Account.
  • Edge support is unable to help with SSO login issues. If you are unable to log in to Edge or have any other issues accessing your software after creating your user account, please contact [admin name] at [admin contact details]
Still have questions?
Don't be afraid to ask us. We're here to help you.
Contact Support
EDGE

Products

Resources

About

Contact

© Storable. All rights reserved.
Powered by Zendesk