Single Sign-on
New in Yesplan 31
Single sign-on is an authentication method that lets you sign in securely to multiple applications or websites with a single set of login data from an external account, for example with Google or Microsoft. You can link your Yesplan profile with an external account and use it to sign in to Yesplan.
Remark
Single sign-on is a paid module in Yesplan. Therefore, this module needs to be activated in your installation of Yesplan first:
- Contact support@yesplan.be to have single sign-on activated.
- Once the module is activated, you can get started with single sign-on.
Configuration
A Yesplan administrator can manage the single sign-on options in “System Settings” > “Users” > “Single Sign-On”.
The following accounts are supported:
- Google
  - All Google accounts.
  - Only accounts in a specific domain. When setting the domain to ‘example.com’ you can link the account ‘violet.trudeau@example.com’, but not the account ‘violet.trudeau@gmail.com’.
- Microsoft
  - All Microsoft accounts.
  - Only accounts of a specific Microsoft tenant. You must enter a tenant ID in order to set this. You can find more information about where to find your tenant ID on the Microsoft website.
It is possible to link your Yesplan profile with multiple external accounts. For example, your Yesplan profile can be linked with a Google account and also a Microsoft account if both these methods are allowed. You can also link multiple accounts from the same provider with your Yesplan profile.
It is not possible to link the same external account with different users within the same Yesplan installation.
Attention
Click the “Save” button (below the list) to save your changes.
Remark
- In the table of users, the “Authentication” column shows a list of all authentication methods which have been created for a user.
- If you deactivate an authentication method, users who previously added this method will no longer be able to use it to sign in. The method is then marked as disabled in the list of authentication methods.
- You can request a detailed summary by clicking “Show Authentication Settings”. This summary is where an administrator can change and delete the password, and delete linked accounts for single sign-on.
Enforce Single Sign-on
You can require users to use single sign-on. Signing in with a password in combination with an email address (or username) is then no longer possible.
Warning
If your own Yesplan profile is not linked with an allowed authentication method, you will not be able to save the changes. After all, this would mean that, as an administrator, you would no longer be able to sign in to Yesplan yourself.
Tip
You can make your Yesplan installation extra secure by only allowing users to sign in with a single sign-on method requiring multi-factor authentication.
Users who have not yet linked an external account with their Yesplan profile when single sign-on is enforced will need to be invited again. With this invitation, the user can link an account for single sign-on.
Tip
- Under the “Users” tab you can filter the list of users using the drop-down menu “Show Users” at the top of the table.
- Users who no longer have a valid way of signing in are also displayed when you filter the list on “Not invited yet”.
- With the “Send Invitations…” button at the top right of the table, you can invite all users who have not yet been invited, or who need a new invitation due to changes in the authentication methods.
Linking External Account with a Yesplan Profile
New User
When you invite a user, they receive an email containing a link with which to set up an account. While setting up the account, the user can choose from all authentication methods allowed at that moment. If single sign-on is allowed, a button appears for linking the external account.
Signed-in User
Depending on the allowed authentication methods, a user can change the password, or add or delete external accounts for single sign-on, on the “User Profile” screen.