Getting Started with Single Sign-On (SSO)

MASV supports Single Sign-On ( SSO ) with SAML-based authentication. A MASV team owner can configure a SAML-enabled Identity Provider (such as Okta, Azure AD, PingOne ) to provide user management and service authentication for MASV.

Note:

  • Once SSO is enabled for a MASV team, all its admins and members must sign in with SSO. Only the team owner may sign in with an alternative method ( Sign in with Google; or email/password combination )
  • All admins and members must use an email with domain that is verified by MASV. For example, an SSO-enabled team is verified for company.com, and its MASV users must have an email such as employee@company.com configured in the Identity Provider.
  • SSO-enabled team admins and members cannot change their password, use their old sign in method, or change their email in MASV. This is handled by the Identity Provider.
  • Sign in with SSO is enforced for users even if they want to access a different MASV team that is not SSO-enabled. After signing in with SSO, the user can see all their MASV teams that they belong to, as usual, and switch to any other team.
  • A unique SSO Name is used by each SSO-enabled team. All users will need to know their SSO Name to sign in with SSO.
  • SCIM is not currently supported by MASV.
    • New users are onboarded with ‘Member’ role. The MASV team owner can manually promote a user to ‘Admin’ role in the Users setting page.
    • Automatic offboarding of users is not supported. In other words, removing a user’s MASV access in the Identity Provider will prevent them from signing in to MASV, but that account still appears in the Users setting page. A MASV owner or admin can manually remove the account in the Users page.

 

MASV Owner: Setting up SSO

There are two main steps to set up SSO for MASV:

  1. Domain Verification
  2. Configuring the Identity Provider

NOTE: After setting up SSO, notify your MASV team members of your company’s SSO name. They will need it when they sign in with SSO.

MASV User: Onboarding

  1. At the MASV sign in page ( or in the MASV desktop app ), click Sign in with SSO.
    Web app sign in
    Desktop app sign in
  2. Enter your company’s SSO Name. Your MASV Owner / SSO Admin will provide this.
    SSO name
  3. You may be redirected to your Identity Provider. Enter your credentials.
  4. You will now receive an email to join the MASV team. Open the email and click Join Now.
    Join team SSO

  5. Return to the MASV sign in page, and click Sign in with SSO.
  6. Enter your SSO Name.
  7. You will now have access to the MASV web/desktop app.