Single Sign-On (SSO) is a simple and secure way to log into StaySafe. We are currently compatible with Microsoft Azure Active Directory (AD) and Okta.
With SSO, instead of logging into StaySafe with your Email and Password every time, you authenticate using a trusted Identity Provider, which lets you use one email and password to access multiple web applications.
Single Sign-On is only available in the StaySafe Hub, not the StaySafe app, and is disabled by default. If you would like to enable SSO, contact us at support@stayssafeapp.com, and we will set it live for your Organisation.
Frequently Asked Questions
If Single Sign-On is enabled, can I also use a separate password for StaySafe?
StaySafe Hub users who do not have, and have never had, app access will not have a Password, so they will only be able to sign in using SSO.
StaySafe Hub users with app access, or StaySafe Hub users who have previously had app access, will have a password set so that they can access the app. It is not possible to remove the password.
The only exception to this is for an Organisation which previously operated without SSO. Any Users created whilst SSO was not enabled will have a Password and will still be able to log in using it if they wish.
Can Single Sign-On be enabled by an Organisation after Users have been created?
Yes, any StaySafe Hub Users created after SSO is activated will only have the ability to log in via SSO.
However, any Users created before SSO was enabled will still be able to use their Email and Password to log in.
What happens if Single Sign-On is disabled by an Organisation?
Disabling SSO in an Organisation cannot currently be supported as it would leave StaySafe Hub Users without a password.
NOTE: we are working on new functionality to identify Users without a Password in an Organisation and send a bulk email to allow them to set a new password.
What happens if an existing StaySafe Hub User is granted app access but did not create a Password on activation due to Single Sign-On being enabled?
This will trigger an Email to the User enabling them to set a Password. This email is valid for 14 days.
You will be able to see if Users have set their Passwords in the Usage Report. This information is only available in Organisations with SSO enabled.
Is Single Sign-On compatible with 2 Factor Authentication?
2FA is not compatible with SSO, and is disabled for any Organisations using SSO.
Can Single Sign-On be enforced for all Users?
If a User is created without app access, there is no option to set a Password when they Activate their account, and setting a Password under their Account Details is not available.
However, if the User was created before SSO was enabled, they will already have a Password. Similarly, if they have app access, they will have to create a Password, as the app does not support SSO.
In both of these scenarios, where a Password has been created for their User account, they could use these credentials rather than SSO.
Is it possible to have an Admin User that can bypass the Single Sign-On?
Yes, but only if the Admin User has a Password set. An Admin User will have a Password in either of the following scenarios:
Their User account was created before the Organisation enabled SSO.
They have been granted app access with the Lone Worker Role, inviting them to create a Password.
What's Next?
Find out how to log in using Microsoft Azure Single Sign-On or Okta Single Sign-On, and have a look at our Single Sign-On Troubleshooting.