Single Sign-On (Azure)

Allow your users to log in with your domain usernames and passwords.

This is a Pro plan feature

Prerequisites

This feature requires:

  • An active Azure Active Directory tenant for your organisation containing all users attached to your domain

  • Your tiny+ user account email address domains must match your Azure Active Directory domain enable them Single Sign-On. Sub-domains or variations on your email domain are not currently supported. For example if your tiny+ login is jane.donaldson@mycompany.com, and your Azure Active Directory login is jane.donaldson@ad.mycompany.com or jane.donaldson@mycompany.net then you will not be able to activate this feature.

  • Your tiny+ admin user account must use the same Azure domain.

Enable Single Sign-On for your account

You must be an Account Admin to enable this feature.

Navigate to Account Settings -> Single Sign On.

Click Enable SSO for [your domain].

You will be asked to log in to Azure Active Directory. Please log in with an account capable of granting organisational consent on behalf of the directory.

Accept the permissions and you will be redirected back to tiny+. Confirm that your domain has been added to the Single Sign On enabled domains list.

Once permissions are granted, all existing users with tiny+ logins for the domain added will now log in to tiny+ with their Active Directory username and password. If your user does not have an enabled Active Directory user account, they will be unable to log in to tiny+.

Please be aware, tiny+ will not communicate this change to your users on your behalf. You should prepare your own communications to your users regarding this change.

What will my users see?

When logging in to an SSO-enabled domain, the login screen will hide the 'password' field once it detects a valid domain, and the 'Login' button will be replaced with a 'Continue' button. The user will be redirected to log in with their Azure Active Directory credentials. If the user is already logged in on their browser, this may happen with no user prompts.

Account Provisioning / Deprovisioning

Your user account provisioning and management will still be handled in tiny+, however we plan to extend this additional capability to Azure Active Directory later in 2020.

And note that any users whose Azure AD accounts are disabled will be unable to log in to tiny+.

Notes and other considerations

  • New users added to your tiny+ account will be required to set a tiny+ password when they first sign up, but all subsequent logins will use Azure Active Directory for authentication.

  • Be wary of email address discrepancies between Active Directory and tiny+. For example, imagine user Jane Donaldson has two email addresses - jdonaldson@mycompany.com and jane.donaldson@mycompany.com. Her Active Directory email login is jdonaldson@mycompany.com however her tiny+ login uses the jane.donaldson@ address. Once Single Sign-On is enabled, Jane will no longer be able to access tiny+ until her tiny+ email address is changed to match her Active Directory login address.

More questions?

If you have any queries or would like support in the use of this feature, please contact our support team.