The Login Experience for Single Sign-On

The single sign-on (SSO) login experience depends on different factors, such as whether it's the user's first time logging in, if there are multiple licenses, how the identity provider (IdP) is set up, etc.

[Menu Proxy — Headings — Online — Depth3 ]

First-Time SSO Login

The first time users try to access Central, they might experience one of two scenarios.

Scenario 1

The following login window displays if the user tries to access the Central portal in general, as opposed to a specific license.

Example The user goes to https://madcapcentral.com instead of https://fictionsoftinc.madcapcentral.com), where "fictionsoftinc" is the vanity for the license.

In this case, the user needs to have an email and password already associated with Central to log in. That's because it's possible for a person to be part of multiple licenses, some enabled with SSO and some not, and Central doesn't know which you want to access.

Note The login window above would also display if the license is not yet enabled for SSO.

Note If you do not already have a Central password, you can click Forgot password to set one up.

Scenario 2

The following login window displays if the user tries to access a specific Central license that is enabled for SSO.

Example The user goes to:

Copy

 https://fictionsoftinc.madcapcentral.com

The vanity for the license is "fictionsoftinc."

Note The button label "Log in with third party" is the default text, but you can customize it to say something else (e.g., Microsoft Login, Okta SSO, AuthO Access).

After you click the button to log in, additional windows open so you can enter credentials of some kind. The type of credentials depends on how your IT department sets up the IdP (e.g., password, verification code sent to email, two-factor authentication via smart phone).

Example — Password

In this example, Microsoft Azure is the IdP, and it has been set up to first ask for your email, with the possibility to select other sign-in options (e.g., security key).

After this, Microsoft asks for your IdP password (i.e., the password you use to log in to Windows when you start your computer).

Then, it might ask if you want to stay signed in.

After this window, you are logged in to Central.

Example — Verification Code

This example is the same as the previous one, except that the IdP is set up to ask for a verification code instead of a password.

In this case, you receive an email, where the code is found.

After pasting the code into the field and clicking Sign in, you are logged in to Central.

After the First Login

For a license that is enabled with SSO, you need to enter credentials only the first time you log in. If you log out and then try to log back in, you will see the SSO login window once more.

When you click the button to log in again, you do not need to enter the IdP credentials a second time. Instead, you are simply logged in with them. This is different than a license that is not enabled for SSO, where you must enter your unique Central password each time you log in.

Note The exception to this is if you have enabled this option in your user settings in Central:

In that case, each time you log out of Central, you are also logged out of your IdP and must re-enter your credentials whenever you log back in to Central.

Note If you log out through the Flare interface (as opposed to a browser) and then log back in, it's possible you will need to enter the credentials once again.

Multiple Licenses

Some Central users might be part of multiple Central licenses. Not only that, but some of those licenses might be enabled for SSO and some might not. Therefore, when logging in, you might encounter a license hub, where you select the license that you want to log in to.

In addition, there are multiple methods for switching to a different license.

Method 1: Select License in Drop-Down

Once a user on multiple licenses is logged in to Central, that person can click the license avatar (or initial) in the upper-right of Central and select a different license.

Method 2: Option in License Drop-Down

In the license drop-down in Central, there is also an option named "Log in to another license."

Method 3: SSO Login Window

In the SSO login window, you will also see an option named "Switch to a different license."

Logging In Using Methods 2 or 3

If you use Method 2 or 3, the license hub opens, displaying all of your Central licenses.

You can then select the license you want to switch to.

Alternatively, in the main Central login window you can click Log in to a specific license. This opens a different window where you can type the exact vanity of the license you want to log in to.

What Happens Next?

Regardless of the method you use, what happens next depends on whether the license is enabled for SSO.

If you select another license that is enabled for SSO, you can click the SSO login button to quickly sign in and load that license. Or the license might simply be loaded if you had previously logged in to it.

If you select another license that is not enabled for SSO, you must enter the email and Central password to log in.

Log In Through Private Site

If your license is set up to create viewer users on demand, you can provide brand new users with a URL link to that output. That can be done in any number of ways (e.g., send an email with the link, put the link on an Intranet site, create a small online page with a hyperlinked image that links to the output).

After new users click the link, they see a page to log in.

Note You can change the look of the button by using a theme. See Themes Page View.

Note The avatar and name above the button are coming from your license settings. See Setting a License Avatar and Changing the License Key Label.

Clicking this login button takes them through the same process described above for first time logins. Once the person enters the initial credentials, a message displays.

In the email, the new user clicks the link to confirm the account.

The output opens, and the new user is now automatically added to the license as a viewer.

Note Keep in mind that these new users must have already been added to the application in your company's IdP in order for this process to work.

Log In as an Admin

In an SSO login window, you will see an option named "Log in as an admin."

This allows a person to enter an email address and password to log in. However, even if you are a Central administrator, it doesn't mean you need to use this option. In most cases, you can use the initial button to log in via SSO (e.g., "Log in with third party"). You'll be logged in and will still have all of your administration permissions once you're in Central.

The "Log in as an admin" option is really a back door in case there is an administrator who needs it.

Example A person might have been initially invited to an SSO-enabled Central license by clicking on the link for a private site. This adds the person to the Central license as a viewer, as opposed to an author or subject matter expert (SME). But because the user was automatically added to the license in this manner, that person never set up a Central password, since the license was using SSO.

Later, somebody else (an administrator) might have then changed that first person to an author seat (instead of a viewer) and granted the individual administration permissions.

Over time, let's say all other administrators have left the license, leaving this one person. Since a Central license always needs to have at least one administrator, and this particular person never set up a Central password when onboarding, the back door option becomes necessary.