Getting Started with Single Sign-On (SSO)

Note:

• After SSO is enabled for a MASV Team, all its admins and members must sign in with SSO. Only the Team Owner can sign in with an alternative method (Sign in with Google; or email/password combination).
• All MASV Admins and Members must use an email with a domain that is verified by MASV. For example, an SSO-enabled team is verified for company.com, and its MASV users must have an email such as employee@company.com configured in the Identity Provider.
• SSO-enabled MASV Team Admins and Members cannot change their password, use their old sign in method, or change their email in MASV. This is handled by the Identity Provider.
• Sign in with SSO is enforced for users even if they want to access a different MASV Team that is not SSO-enabled. After signing in with SSO, the user can see all the MASV Teams that they belong to, as usual, and switch between Teams.
• A unique SSO Name is used by each SSO-enabled Team. All users will need to know their SSO Name to sign in with SSO.
• SCIM is not currently supported by MASV.
  • New users are onboarded with Member role. The MASV Team Owner can manually promote a user to Admin role in MASV Web App (Features & Settings > User Management).
  • Automatic offboarding of users is not supported. In other words, removing a user’s MASV access in the Identity Provider will prevent them from signing in to MASV, but that account still appears and if active, remains so until timeout or log out. It is recommended that the MASV Team Owner or an Admin manually remove a user from the User Management page in the MASV Web App to bar access immediately.