February 25, 2021
Question: We have many users in our SSO directory. Who can log in to BizMerlinHR? Employees? Contractors? Friends? Guests?
The way this works is as follows:
Suppose you have 11 “active” users in BizMerlinHR, with names A1, A2, ..., A10, and B11.
[Please note the 11th user with a slightly different name B11.]
Suppose you have 100 users in your SSO directory (Azure AD, GSuite, Okta, etc.) with names A1, A2, ..., A100.
Suppose now you enable “Login using SSO” in your BizMerlinHR settings. [To enable it, you only need to toggle the corresponding SSO slider to the “On” position; no other details are needed.]
Then only 10 users (A1 to A10) can log in to BizMerlinHR using SSO. These are the 10 users that the two systems have in common.
The other 90 cannot log in, since they have no record in BizMerlinHR. These 90 users have no license/cost implications in BizMerlinHR.
Your 11th user, B11, can still log in to BizMerlinHR using a username and password, but cannot use SSO, since they don’t exist in the SSO directory.
If you choose to allow login via SSO only and hide the BizMerlinHR login form (in your SSO settings), then user B11 will NOT be able to log in, since they are not in the SSO directory.
What is the best way to manage this?
- Create every user in your SSO directory, as you normally do. Generally, your SSO directory should be a superset of your BizMerlinHR directory.
- Create only those users in BizMerlinHR who need access to BizMerlinHR.
- Enable Login using SSO, and disable the BizMerlinHR login, so that you can manage the access directly within your SSO directory.
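
The rule above, as an added Python example that is not BizMerlinHR code: it reconciles a list of active BizMerlinHR users with an SSO directory export and reports who would be locked out once the BizMerlinHR login form is hidden. The matching rule (one shared identifier, compared case-insensitively) and every name in the code are assumptions, and the user lists are constructed to mirror the A1..A100 / B11 scenario.

```python
"""Pre-flight check before hiding the BizMerlinHR login form (added example)."""
from dataclasses import dataclass


def norm(identifier: str) -> str:
    # Assumption: accounts in the two systems are matched on one identifier,
    # compared case-insensitively and ignoring surrounding whitespace.
    return identifier.strip().casefold()


@dataclass(frozen=True)
class AccessReport:
    sso_login: frozenset      # in both systems: can log in through SSO
    password_only: frozenset  # BizMerlinHR only: the login form is their only route
    locked_out: frozenset     # BizMerlinHR only, and the login form is hidden
    no_record: frozenset      # SSO only: no BizMerlinHR record, so no access


def reconcile(bizmerlin_active, sso_directory, form_hidden=False):
    """Classify users by comparing the two directories as sets."""
    hr = {norm(u) for u in bizmerlin_active}
    idp = {norm(u) for u in sso_directory}
    hr_only = frozenset(hr - idp)
    return AccessReport(
        sso_login=frozenset(hr & idp),
        password_only=frozenset() if form_hidden else hr_only,
        locked_out=hr_only if form_hidden else frozenset(),
        no_record=frozenset(idp - hr),
    )


def summarize(report):
    """Return the size of each category, for a quick before/after comparison."""
    names = ("sso_login", "password_only", "locked_out", "no_record")
    return {name: len(getattr(report, name)) for name in names}


# Constructed sample data mirroring the scenario above.
BIZMERLIN_ACTIVE = [f"A{i}" for i in range(1, 11)] + ["B11"]
SSO_DIRECTORY = [f"a{i}" for i in range(1, 101)]  # lower case on purpose

if __name__ == "__main__":
    for hidden in (False, True):
        r = reconcile(BIZMERLIN_ACTIVE, SSO_DIRECTORY, form_hidden=hidden)
        print("form hidden:", hidden, summarize(r), "locked out:", sorted(r.locked_out))
```

Anyone listed under `locked_out` needs an SSO identity before the login form is hidden; anyone under `password_only` is an account whose access is not controlled from the SSO directory.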