MASV supports Single Sign-On ( SSO ) with SAML-based authentication. A MASV team owner can configure a SAML-enabled Identity Provider (such as Okta, Azure AD, PingOne ) to provide user management and service authentication for MASV.
Note:
- Once SSO is enabled for a MASV team, all its admins and members must sign in with SSO. Only the team owner may sign in with an alternative method ( Sign in with Google; or email/password combination )
- All admins and members must use an email with domain that is verified by MASV. For example, an SSO-enabled team is verified for company.com, and its MASV users must have an email such as employee@company.com configured in the Identity Provider.
- SSO-enabled team admins and members cannot change their password, use their old sign in method, or change their email in MASV. This is handled by the Identity Provider.
- Sign in with SSO is enforced for users even if they want to access a different MASV team that is not SSO-enabled. After signing in with SSO, the user can see all their MASV teams that they belong to, as usual, and switch to any other team.
- A unique SSO Name is used by each SSO-enabled team. All users will need to know their SSO Name to sign in with SSO.
- SCIM is not currently supported by MASV.
- New users are onboarded with ‘Member’ role. The MASV team owner can manually promote a user to ‘Admin’ role in the Users setting page.
- Automatic offboarding of users is not supported. In other words, removing a user’s MASV access in the Identity Provider will prevent them from signing in to MASV, but that account still appears in the Users setting page. A MASV owner or admin can manually remove the account in the Users page.
MASV Owner: Setting up SSO
There are two main steps to set up SSO for MASV:
- Domain Verification
- Configuring the Identity Provider
NOTE: After setting up SSO, notify your MASV team members of your company’s SSO name. They will need it when they sign in with SSO.
MASV User: Onboarding
- At the MASV sign in page ( or in the MASV desktop app ), click Sign in with SSO.
- Enter your company’s SSO Name. Your MASV Owner / SSO Admin will provide this.
- You may be redirected to your Identity Provider. Enter your credentials.
- You will now receive an email to join the MASV team. Open the email and click Join Now.
- Return to the MASV sign in page, and click Sign in with SSO.
- Enter your SSO Name.
- You will now have access to the MASV web/desktop app.