SSO login capabilities have been added for customers on Saltmine. Previously, any SSO setup on the platform had to be handled and integrated individually. With this newest update, customers can log in via SSO without having to create a password on the Saltmine platform.
Multi-Factor Authentication note: Saltmine supports multi-factor authentication. However, users who log in via their SSO provider are redirected to that provider’s own multi-factor authentication. Saltmine’s MFA applies only when the user logs in with a Saltmine password.
Example:
An employee (with an @CustomerOrg.com email) would be able to log in using their company’s credentials (Saltmine Login Page → Type Email → Redirected to Identity Provider Page → Type Organization email and password → Redirected to Saltmine for completed login).
External vendors that do not have an @CustomerOrg.com email will not go through those steps. Instead, they must create a Saltmine password with their emails.
Benefits:
- Seamless user management and administration
- Better experience (reduces login time) for new users within Saltmine
- When an employee is terminated, the corresponding user profile on Saltmine is no longer accessible
How to get SSO set up?
Reach out to your Customer Success Manager to start the conversation!
Integration Instructions for Customer’s IDP
*Please Note: For the best user experience, please push for OIDC over SAML integration.
Troubleshooting:
Why am I getting the error messages below on the login page?
“Your Organisation or email is not authorised to access Saltmine”
There are two possible causes:
- We’ve disabled the users and IDP from accessing Saltmine through Saltmine’s SSO service provider (Okta)
- The customer has not granted the user access to the Saltmine app created on their IDP
Solution:
- Verify that the user is granted access to the Saltmine app created on the customer’s IDP
- Else, contact the engineering team with the customer’s and user’s details (i.e., email domain(s), email)
“We could not log you in, the email is not associated with any Saltmine customer account”
The email provided is authenticated by the IDP, but no user account with that email has been added to any Saltmine customer.
Solution:
- Verify that the email address used to sign in is added as a user in the Saltmine app
- Verify with the user that they are logging in with the email address that is added as a user in the Saltmine app
- Verify that the user with the email address is added to a customer
“We could not log you in. Your login email <email> is not associated with any Saltmine Account”
The email provided is authenticated by the IDP, but a user account with that email does not exist in the Saltmine app.
Solution:
- Verify that the email address used to sign in is added as a user in the Saltmine app
- Verify with the user that they are logging in with the email address that is added as a user in the Saltmine app
My session expired, I’m stuck at the screen that says “Re-authenticating..”, and nothing is happening
In most cases, this is due to the user’s browser blocking the app from opening a new tab that facilitates the SSO re-login process, or the new tab is terminated preemptively by the user.
Solution: Enable pop-ups/new tabs for Saltmine in the browser settings
I’ve entered my credentials and logged in on my company’s sign in page, but was prompted with a message to request for admin approval for Saltmine
Depending on the social login or SSO security configuration used by the customer, the customer’s SSO admin may need to grant Saltmine access to their resources. This only needs to be done once.
I was told that I can login to Saltmine using SSO, but I was prompted with the password input field on the app
This could be a user error, mapping error, or incomplete integration.
Solution:
- Verify that the user has entered an email address with the correct domain
- Else, contact Saltmine’s engineering team with customer’s details (email domain, user’s email)
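The sketch below is an added illustration, not Saltmine’s code: it shows how an email-domain-to-IDP mapping decides between the SSO redirect and the password field described in the Example above, and how to triage a “password field” report into user error versus a mapping or integration gap. The mapping contents, the connection name and all function names are hypothetical.

```python
# Added illustration, not Saltmine's code. The mapping and all names are hypothetical.
SSO_DOMAINS = {"customerorg.com": "customerorg-oidc"}  # constructed: email domain -> IDP connection


def email_domain(email):
    """Return the lower-cased domain of an address, or None if it is malformed."""
    email = email.strip()
    if email.count("@") != 1 or any(ch.isspace() for ch in email):
        return None
    local, _, domain = email.partition("@")
    if not local or "." not in domain.strip("."):
        return None
    return domain.lower()


def route_login(email, sso_domains=SSO_DOMAINS):
    """Decide what the login page shows after the user types an email."""
    domain = email_domain(email)
    if domain is None:
        return ("invalid", None)
    # Exact match only: a suffix or substring test would also match
    # look-alike domains such as customerorg.com.example.
    connection = sso_domains.get(domain)
    if connection:
        return ("sso", connection)      # redirect to the identity provider page
    return ("password", None)           # external vendor path: Saltmine password


def diagnose_password_prompt(email, customer_domains, sso_domains=SSO_DOMAINS):
    """Triage a report that an SSO user was shown the password field.

    customer_domains: domains the customer says SSO should cover.
    """
    kind, _ = route_login(email, sso_domains)
    if kind == "sso":
        return "sso_ok"                 # address routes to SSO as expected
    domain = email_domain(email)
    if domain is None or domain not in customer_domains:
        return "user_error"             # typo or wrong domain entered
    return "escalate"                   # domain expected but unmapped: mapping/integration


if __name__ == "__main__":
    expected = {"customerorg.com", "eu.customerorg.com"}  # constructed sample
    for addr in ("alice@CustomerOrg.com", "bob@vendor-studio.example",
                 "alice@customerorg.co", "alice@eu.customerorg.com"):
        print(addr, route_login(addr), diagnose_password_prompt(addr, expected))
```

The "escalate" result corresponds to the case where engineering needs the customer’s email domain(s) and the user’s email to correct the mapping.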
FAQ:
Question:
Does Saltmine support a Dual Authentication SSO? If dual authentication is not possible, we would basically need to create our outside vendors (architect designers, furniture supplier) as contractors to give them an org email that would need to be re-approved every 6 months.
Answer:
Assuming Saltmine sets up a customer’s identity provider (e.g. Microsoft, Okta, Google, etc.), any employee logging in with an @(CustomerOrg).com email would log in to the platform using their organization credentials.
Any other email domain, one that a contractor might use, will not go through the identity provider page; rather, those users would create a Saltmine password with their emails (the current process). This method would avoid the need to re-approve a contractor’s customer org email every 6 months.