Managing your team, Single Sign On (SSO) and other settings
- How are teams structured?
- How to add users to your account
You can find your account settings by clicking on your profile picture in the bottom left corner.
There you will find the following sections
- Profile: Here you can update your name, password as well as your profile photo
- Team: This is where you can invite your colleagues to your account, manage their permissions (if you're an administrator), enable Single Sign On and more
- Activity: This section shows an actvitiy feed within your account - how many documents are being synchronized every hour, how are your rules doing, and all the interactions between members of your team
- Billing. This is where you'll be able to pay for your EnjoyHQ account, get your invoices as well as manage your subscription
- Sharing This section helps you to manage all share items, review access requests and list all shared documents, projects and so on. Read more here.
How are teams structured?
EnjoyHQ is a collaborative tool - meaning that many users share the same team. An account is an entity which groups multiple teams which contain users:
If your account has multiple teams support enabled, the structure would look like this:
Users can switch between teams at any point, as long as they are part of the same account.
Given the above it means, that signing up for a new EnjoyHQ account, will create a completely separate account and team structure. Accounts are completely isolated from each other and their users or data cannot be moved between them. Your security and compliance team will love this 💖
How to add users to your account
✨ Magic invite link
Each EnjoyHQ team has a unique invite link assigned, simply grab the link and share it with your colleagues - once they go to the singup page, they will be able to join your account right away, by providing their name, email and password.
All administrators in the account will be notified whenever a new team member joins via the magic link.
📧 Inviting via email
Adding a team member couldn't be simpler! Complete the following steps:
- Select "Team" from the applcation menu
- Select "Invite via email" option
- Enter the name, email address and the permission role you want to assign.
- Hit "Invite".
Your team-mate will now receive an email, prompting them to set a password and activate their EnjoyHQ account.
Happy collaboration! 🙌
Single Sign On
We offer a set of different Single Sign On options, which you can configure yourself
- Google G-Suite
- Azure AD
Additionally, we offer support for One Login and generic SAML identity providers - please reach out if you need these activated in your account.
To link EnjoyHQ and your Google Apps account go to the team management section and navigate to the Single Sign On option adn then click on "Configure SSO". From there follow steps in the configuration wizard:
Example setup: Okta
When setting up Okta, all you will need is the SOO configuration at hand - fastest way is to export the IDP.xml file from your Okta settings - read more about it here. When ready click on "Configure SSO" button and follow the steps:
Example setup: Google G-Suite
Once you click on "Configure SSO", select "Google" and enter all domains which are linked to your G-Suite organization:
Legacy Google Sign On
Some accounts might have legacy Google Sign On enabled - it is not necessary to change anything if it works for you as we're not planning to remove it for the time being. One limitation of the Legacy Google SSO is that it supports only one pre-configured domain. If your Google G-Suite organization supports multiple domains - you will have to migrate to the current SSO option.
You might need to remove the legacy Google SSO if you're planning to:
- change Single Sign-On provider (e.g. Okta)
- want to configure more domains to be allowed when signing in via Google G-Suite
To migrate, simply remove current Google SSO and proceed to setup the new connection:
From now on anyone any colleague from your team, will be able to sign in via configured SSO option. All they have to do is to the "Login with SSO" and input your company's domain, as configured in the Setup step:
Removing a Team Member
If you need to remove someone from your account, then you can do so by clicking "Remove", next to their email address in the Team Members section of your Team Settings.
Users who are removed won't be able to sign-in again, be invited again or open a brand new EnjoyHQ account. If SSO is configured, deleted users won't be able to sign in.
Please refer to the roles and permissions page.
Transferring account ownership
EnjoyHQ doesn't have a concept of an account owner. Anybody with the "administrator" role can manage all aspects of the account.
In order to transfer ownership of an account, present account administrator has to grant the administrative role to another user, which in turn will turn the original admin into a read-only user or remove the original admin's user account.
In case your account has no administrative seats available - you can temporarily upgrade to have two seats available and carry out the swap. Our billing will charge you only for the time used for having the extra seat.
- Can I connect more than one SSO option (e.g. Okta and Google G-Suite)?
No, only one connection can be active at a time.
- Do you support generic SAML 2.0 for SSO?
Yes, the SSO setup wizard will guide through SAML 2.0 setup
- Do I have to invite users if SSO is configured?
No - anybody in your configured Sign-On directory can just sign up without a prior invitation. By default their permission level will be set to read-only and can be changed later.
While the email invite and magic link options are still available if you'd like to add users outside of your organiztion, bear in mind that if you have invited a user from your team and they try to sign-in while the inviation is pending - they won't be able to sign in until they accept the invitation.
- What happens when a new team member signs in via SSO?
If a new user joins your team by signing in via SSO the following happens:
- a new user is created in your team
- their permission is set to read-only
- their user record by default will have password authentication disabled but it can be enabled if they choose to reset their password
If a user was added to your team, prior to enabling SSO they can still use it to log in, assuming their email address is the same in your identity provider (Google G-Suite, Okta, etc)
- Can I or my colleagues belong to more than one team?
We offer multi-team support as part of our Enterprise plan.
- How are EnjoyHQ users linked to users signing-in via SSO?
SSO matches users via their email address, so if your (as an example) G-Suite email is firstname.lastname@example.org and you've signed up with that email addres - then signing in via SSO will work out of the box. If the emails are not matched (for example in G-Suite, your email address is email@example.com), we will create a new team member with the email provided by the SSO endpoint, and grant them read-only role. The only way to log in to your original user account is by providiring email & password.
This is sometimes undesirable, so please reach out to us and we can update the emails for you to match the existing user in Enjoy to the one in your SSO provider.