Single sign-on makes logging into SafeSend fast, easy, and secure. Users can log in by clicking the Continue with Office 365 button on the log-in page.
Please note:
Single Sign-On is currently only available for Microsoft Office 365.
Enable Single Sign-On In SafeSend
Single Sign-On must be enabled in SafeSend by an administrator on the account.
- Navigate to the Suite Settings.
- Click Security.
- Click the Gear icon under the Single Sign-On section.
- Select one of the 3 options: Azure Ad Group(s), SSR Users List, or Azure Tenant ID.
- Enter Group ID or Tenant ID if applicable.
- See below for more information on how users will proceed with login based on the setting selected.
- Click Add.
- The O365 switch button will be toggled to On.
Logging in
Important
Depending on the Azure company settings, you may see a permissions pop-up after the first sign-in to SafeSend.
- Azure Administrator can check box 'Consent on behalf of your Organization' to allow other users to bypass this screen.
When this option is used, users will be automatically created in SafeSend and will allow them to log in using their Office 365 credentials.
- Approval is not required.
- Users automatically added will only have the Staff user group. To edit user groups/details, refer to the User Management article.
Obtain Microsoft Office 365 Group ID
Please note:
A group must be created by a system administrator in Azure and the ID must be added to the Suite settings before registering and adding the enterprise application.
- Log in to the Azure Portal.
- Navigate to Active Directory to open the Domain Overview page.
- Click Groups on the left-hand side.
- Enter the name of the group you are looking for in the Search Groups field.
- Copy the Group ID (Object ID) from the Object ID column.
Register for the SafeSend Suite Enterprise Application
A system administrator will need to add SafeSend as an Enterprise Application before they will have access to add user groups.
- Browse for Enterprise applications from Azure Portals Global Search field.
- Once the application is opened, click + New Application. This will take you to the Microsoft Entra Gallery.
- Search for SafeSend Suite SSO and click on the application to continue the registration.
- Click Sign up for SafeSend Suite SSO.
- The SafeSend site will open, and here you will click Continue with Office 365.
- A consent screen will open. Click Accept.
- Administrators can select Consent on behalf of your organization.
- If this is not selected, the consent will only apply to the logged-in user.
- All remaining users that sign in will have to Accept when they log in using Continue with Office 365.
- Administrators can select Consent on behalf of your organization.
Add Users/Groups to the Enterprise Application
Please note:
A user group must be already created to follow the steps below.
- Navigate to Enterprise applications.
- Search for SafeSend Returns.
- Click +Add User/Groups.
- Click None Selected from left-hand side.
- Select the Group(s) to be added to SafeSend and click Select.
- The next screen will show all the groups selected. Click Assign.
If you have any trouble accessing Azure Portal or obtaining your Group ID, please contact Microsoft® Azure Support.
If you see the following error message, your firm will need to upgrade your Microsoft® subscription to a plan that includes Groups, or use the User List option in SafeSend.
The SSR user list allows existing users to log in using their Microsoft® Office 365 credentials.
- The user will need to appear in the Azure Tenants and SafeSend for a successful log-in.
- No approval is needed.
This option allows you to add your Azure Tenant ID in which all users corresponding to that ID will be allowed to log in using their Office 365 credentials.
- If the user is already added as a user in SafeSend, no approval is needed for access.
- If the user is NOT already a user in SafeSend, approval is required for the user to access.
Approve or Deny New Users
The approval (or denial) can be done via email or in the SafeSend Suite app. This is a one-time approval.
- The firm admin will receive an email that a new user is requesting access via Microsoft® Office 365.
- They will have the ability to Approve or Deny those privileges from that email request.
SSR App
- Navigate to Account Management.
- Click User Permissions.
- Choose Grant Access or Deny for each user.
Revoke SSO (Single Sign-On) Access
SSO can also be revoked after the user has been given access:
- Navigate to User Management.
- Find the User you wish to revoke access to then click on the Action(...) menu.
- Select Revoke Office 365.
- You can choose to revoke access Temporarily or Permanently by choosing the respective option.
- Temporarily - The user will lose the ability to sign in via SSO but can request SSO access again. The system admin will have to admit them.
- Permanently - The user will lose the ability to sign in via SSO but cannot request access again. To reinstate SSO access the system admin will have to edit the specific user in User Management.
- Click Apply Changes.
For more information about User Management, see the Firm Settings Setup Guide.
Comments
Article is closed for comments.