How to Configure and Use Single Sign On in LCI

 

At Lifecycle Insights, data security is paramount.

You can now secure user account access with our existing MFA platform and with a new Single Sign On option.

 

You now have the convenience and added security of linking a Google account or Microsoft account for Single Sign On access to Lifecycle Insights. Both MFA and SSO can be enforced at the organization level or at the user level for better management.

 

 

*Please note: SSO is available to all users whether or not you set any forced SSO policies for your users or organization. Forced SSO will disable login/PW/MFA login options for your users.

 

Setting Up SSO Enforcement

 

  1. From the VCIO menu, select Account Settings from the Administration section of the menu.
  2. Open User Manager by clicking the User Manager tile. You can also set global-level SSO enforcement from the Account Settings App Settings menu page.
  3. You will see a new column in the user list showing the SSO status for each user. 
  4. You will also see a checkbox option to force SSO for all users at the top of the data panel. 
  5. From here, there are two options for setting up Forced SSO for your user accounts. 

Option 1. Enforce SSO accounts globally

Option 2. Enforce SSO sign-on per user account

 

 

 

Globally Forced SSO

 

Clicking the ‘Force SSO for all users’ checkbox is the only step needed to enable SSO globally for your organization. (This includes all external user accounts.)

Once this option is checked, the change shows immediately in the Force SSO column of the data panel.

 

 

 

Setting Forced SSO on a per user basis

 

  1. From the User Manager data panel, select the user you wish to edit.
  2. In the Edit User window, check the Force SSO box for the user, then click the update user button.

 


 

 

Please note: Individual settings will be retained if configured for each user. If you de-select Force SSO for all users, individual settings to force SSO will remain in place for any user accounts that were edited for SSO individually.

 

 

If a user attempts to log in with a username and password, the user will receive an error message indicating that they are required to use an SSO login option to gain access to the site.

 

 

 

Configuring Microsoft accounts for SSO

 

If SSO is enforced, the first time a user clicks the Login with Microsoft button, they will be prompted to allow the app to access their information. The user will need to click the Yes button to allow SSO account credentials to pass through to the LCI app.

 

The user’s Microsoft account is required to be linked to the same email address that is registered to the user in the LCI platform. 

 

If the user accounts differ from each other, the user will see the error message below:

Microsoft account settings for users can be verified via the settings/account management functions within Windows.

 

Configuring Google Account for SSO

Google account sign-in works in the same manner as Microsoft account sign-in.

If SSO is enforced, first-time users will see the configuration screen below on their first login attempt.

 

The user’s Google account is required to be linked to the same email address that is registered to the user in the LCI platform.

*Note: When you log into LCI via Microsoft SSO, Microsoft will send back the following three fields: Email Address, Preferred User Name, and Verified Email Address. These are optional from Microsoft's perspective, so data may not be returned for all fields. The LCI application checks the fields in that order (Email first, Preferred User Name second, Verified Email last) and takes the first one that returns data. It then attempts to match that field in LCI / User Manager. If the application doesn't find a match, you will not be able to log in via SSO.
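
The field-selection order described in the note above, as an added troubleshooting sketch that is not LCI's own code. The dictionary keys, the treatment of blank values as "no data", and case-insensitive matching are assumptions made for illustration; the sample accounts are constructed.

```python
# Added illustration of the field-selection order described in the note above.
# Field keys, the empty-value rule, and case-insensitive matching are assumptions.
from typing import Optional

# Order stated in the note: Email, Preferred User Name, Verified Email.
FIELD_ORDER = ("email", "preferred_username", "verified_email")  # hypothetical keys


def select_identity(returned: dict) -> Optional[tuple]:
    """Return (field, value) for the first field in FIELD_ORDER that has data."""
    for field in FIELD_ORDER:
        value = (returned.get(field) or "").strip()
        if value:
            return field, value
    return None


def diagnose(returned: dict, lci_emails: set) -> dict:
    """Explain which field would be used and whether it matches an LCI user."""
    selected = select_identity(returned)
    if selected is None:
        return {"login": False, "field": None, "value": None,
                "reason": "no field returned data"}
    field, value = selected
    registered = {e.strip().lower() for e in lci_emails}
    if value.lower() in registered:
        return {"login": True, "field": field, "value": value, "reason": "match"}
    # Only the first populated field is tried; later fields are not consulted.
    return {"login": False, "field": field, "value": value,
            "reason": f"{field} does not match any LCI user"}


# Constructed sample data (not real accounts).
LCI_USERS = {"pat@example.com"}
SAMPLES = {
    "email matches": {"email": "Pat@Example.com"},
    "email empty, username differs": {
        "email": "", "preferred_username": "pat@corp.example.net",
        "verified_email": "pat@example.com"},
    "only verified email": {"verified_email": "pat@example.com"},
    "nothing returned": {},
}

if __name__ == "__main__":
    for label, fields in SAMPLES.items():
        print(label, "->", diagnose(fields, LCI_USERS))
```

The second sample shows the case worth checking during troubleshooting: a populated Preferred User Name that differs from the registered address blocks login even though the Verified Email would have matched.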

If the user accounts differ from each other, the user will see the error message below:
