Managing your team, Single Sign On (SSO) and other settings

You can find your account settings by clicking on your profile picture in the bottom left corner.

There you will find the following sections

  1. Profile: Here you can update your name, password as well as your profile photo
  2. Team: This is where you can invite your colleagues to your account, manage their permissions (if you're an administrator), enable Single Sign On and more
  3. Activity: This section shows an actvitiy feed within your account - how many documents are being synchronized every hour, how are your rules doing, and all the interactions between members of your team
  4. Billing. This is where you'll be able to pay for your EnjoyHQ account, get your invoices as well as manage your subscription
  5. Sharing This section helps you to manage all share items, review access requests and list all shared documents, projects and so on. Read more here.

How to add users to your account

Each EnjoyHQ team has a unique invite link assigned, simply grab the link and share it with your colleagues - once they go to the singup page, they will be able to join your account right away, by providing their name, email and password.

By default all users who join this way will have read-only permission assigned, therefore you won't be charged for them

All administrators in the account will be notified whenever a new team member joins via the magic link.

If you do not recognize the new team member, you can remove them from your account and refresh the invite link so that the previous one cannot be used any more.

📧 Inviting via email

Adding a team member couldn't be simpler! Complete the following steps:

  1. Select "Team" from the applcation menu
  2. Select "Invite via email" option
  3. Enter the name, email address and the permission role you want to assign.
  4. Hit "Invite".  

Your team-mate will now receive an email, prompting them to set a password and activate their EnjoyHQ account.

Happy collaboration! 🙌

Single Sign On

We offer a set of different Single Sign On options, which you can configure yourself

  • Google G-Suite
  • Okta
  • Azure AD
  • ADFS

Additionally, we offer support for One Login and generic SAML identity providers - please reach out if you need these activated in your account.

SSO and Security: All SSO options are powered by WorkOS - an Enterprise grade SSO connector. WorkOS stores only the details necessary to initate a delegated authentication flow: they do not store any of your credentials or user information but simply act as means of simplifying authentication. You can learn more about WorkOS' security here
Legacy Google Sign On

Some accounts might have legacy Google Sign On enabled - it is not necessary to change anything if it works for you as we're not planning to remove it for the time being. One limitation of the Legacy Google SSO is that it supports only one pre-configured domain. If your Google G-Suite organization supports multiple domains - you will have to migrate to the current SSO option.

You might need to remove the legacy Google SSO if you're planning to:

- change Single Sign-On provider (e.g. Okta)

- want to configure more domains to be allowed when signing in via Google G-Suite

To migrate, simply remove current Google SSO and proceed to setup the new connection:

Setup

To link EnjoyHQ and your Google Apps account go to the team management section and navigate to the Single Sign On option adn then click on "Configure SSO". From there follow steps in the configuration wizard:

Example setup: Okta

When setting up Okta, all you will need is the SOO configuration at hand - fastest way is to export the IDP.xml file from your Okta settings - read more about it here. When ready click on "Configure SSO" button and follow the steps:

Example setup: Google G-Suite

Once you click on "Configure SSO", select "Google" and enter all domains which are linked to your G-Suite organization:

Signing-in

From now on anyone any colleague from your team, will be able to sign in via configured SSO option. All they have to do is to the "Login with SSO" and input your company's domain, as configured in the Setup step:

Removing a Team Member

If you need to remove someone from your account, then you can do so by clicking "Remove", next to their email address in the Team Members section of your Team Settings.

Users who are removed won't be able to sign-in again, be invited again or open a brand new EnjoyHQ account. If SSO is configured, deleted users won't be able to sign in.

User Permissions

Please refer to the roles and permissions page.

Q&A

  1. Can I connect more than one SSO option (e.g. Okta and Google G-Suite)?

No, only one connection can be active at a time.

  1. Why the "WorkOS" shows up when signing in to EnjoyHQ?

All SSO options are powered by WorkOS - an Enterprise grade SSO connector. WorkOS stores only the details necessary to initate a delegated authentication flow: they do not store any of your credentials or user information but simply act as means of simplifying authentication. You can learn more about WorkOS' security here.

Thanks to WorkOS we also support generic SAML backends - please get in touch if you want to use it in your account.

  1. Do I have to invite users if SSO is configured?

No - anybody in your configured Sign-On directory can just sign up without a prior invitation. By default their permission level will be set to read-only and can be changed later.

While the email invite and magic link options are still available if you'd like to add users outside of your organiztion, bear in mind that if you have invited a user from your team and they try to sign-in while the inviation is pending - they won't be able to sign in until they accept the invitation.

  1. What happens when a new team member signs in via SSO?

If a new user joins your team by signing in via SSO the following happens:

  • a new user is created in your team
  • their permission is set to read-only
  • their user record by default will have password authentication disabled but it can be enabled if they choose to reset their password

If a user was added to your team, prior to enabling SSO they can still use it to log in, assuming their email address is the same in your identity provider (Google G-Suite, Okta, etc)

  1. Can I or my colleagues belong to more than one team?

We offer multi-team support as part of our Enterprise plan.


How Did We Do?


Powered by HelpDocs (opens in a new tab)