Mandatory authentication on a SAML/SSO
Updated over 3 years ago

The SSO service allows you to sign in to multiple applications with a single authentication.

As the administrator of your platform, you can enable single sign-on (SSO) by defining the connection services from your administrator's area.

By enabling one of these authentication services, you set the authentication mode(s) available for users of the platform.

You can require users to authenticate with a selected authentication system by checking the associated option, which appears once the service is enabled.

How to get there?

To enable this feature, go to Administration, then the Authentication section.

You can allow members of your organization to log in from external services.

To do so, select a specific SSO authentication mode by enabling the desired login services. You can enable the following login services:

  • Google,

  • MS Azure,

  • LinkedIn,

  • SAML.

Once the authentication service has been selected and enabled, you can enforce SSO authentication by selecting the enforcement option and then entering the email domains it applies to in the dedicated field.

In this case, a user whose email address matches one of the domains entered will have to sign in through this SSO to access the platform.

For example:

If the platform administrator enforces Google authentication for users whose email domain is @gmail, then all these users will have to sign in with Google to access Talkspirit. Once logged into the Google account, the user will be able to join Talkspirit instantly without having to log in again.

If the Enforce this authentication mode option is not enabled, the user can choose to log in using any of the authentication services enabled by the administrator.

How to enable registration with mandatory SSO authentication?

Enabling the Enforce this authentication mode option does not mean that a person can sign up to the platform, even if their email domain matches the one the administrator defined in the settings.

It is therefore important to activate the Allow users to sign up without invitation option from the Administration, Authorisations section and to define the email domains concerned. This allows a future user to register on their own once redirected to the Talkspirit login page, and thus join your platform.

User case

How does a user register with a mandatory SSO?

A user who doesn't have a Talkspirit account must log in through the activated SSO from the Talkspirit login page.

He'll then have to authenticate to the SSO before being automatically redirected to the Talkspirit page where he can complete his information. All he'll have to do is accept the general terms and conditions of use and then click OK to join the platform.

NB: in this case, the user cannot set a password for the platform. The login credentials will be those defined for the SSO connection.

How does a user log in with a mandatory SSO?

When a user is required to authenticate via a connection service, he must connect to the SSO from the Talkspirit login page and authenticate to this service.

He'll then be instantly connected to the platform, without having to enter his login details again.

SSO on mobile

The mobile application

You won't be able to log in via an SSO on the mobile application. You'll have to log in via a QR code.

Each user has a unique QR code. It is accessible only from your desktop application or from a browser on your computer, in the Help & More tab, Mobile Apps section.

The mobile browser

Once you're on the Talkspirit login page, you'll be able to log in via the SSO, but you won't be able to register on the platform this way.

How does this feature appear on the Standard and Premium offers?

These authentication modes can be defined for the platform on both levels.

Keywords associated

Connection, authentication, SSO, administrator, administration.
