Skip to main content
All CollectionsAdmin - PeopleAdvanced people management functions
How can I have both single-sign-on (SSO) and external users in the one portal?
How can I have both single-sign-on (SSO) and external users in the one portal?

By using the LOGIN field for each user, you can manage both internal (SSO) and external (non-SSO) users in the same portal.

Lou Monsour avatar
Written by Lou Monsour
Updated over 6 months ago

Once your organisation enables single-sign-on (SSO/SAML), then by default your users must use your SSO process to access Tribal Habits. We will redirect users to your SSO login page when they access Tribal Habits, and your SSO login page will redirect them back to Tribal Habits after authentication.

If you have users in your Tribal Habits portal who do not use SSO, that can prevent them from logging in.

HOWEVER, you can use the LOGIN field for each user to manage external users and grant them access to your portal.

What is the LOGIN field?

The LOGIN field will appear for all users once SSO is activated in your portal. By default, it will be set to 'Internal'. There are only two choices for this field, which is explained below:

  • Internal. This user is within your SSO environment. The platform will use SSO for authentication and use SSO-enabled links in all notifications to them. The user will not be prompted to set any password within Tribal Habits.

  • External. This users is outside your SSO environment. The user will be required to set a password within Tribal Habits, be directed them to a special external login URL (see below) and any links in notification emails will also use the external login URL.

In this way, internal users can use SSO, while external users can log in and avoid being caught up in your SSO process.

This field can be set manually for individual users, or included as a column in a CSV via the Upload People function (with Internal or External in each cell).

NOTE: Users set to 'External' cannot use internal auto-enrol links. Those links will be caught by the SSO login processes and cannot be utilised otherwise.

Filtering your users according to whether they're 'internal' (SSO) or 'external' (non-SSO) users

If you have a combination of SSO and non-SSO users in your portal, you can use the People filter to identify users according to whether they're 'internal' (SSO) or 'external' (non-SSO) users.

Click the People filter (for example, on the People page, reports, and so forth) and for the 'Login' field, change the drop-down from 'Any' to 'Internal' or 'External' depending on which type of users you want to see.

How do external users login?

External users cannot use your standard login page once SSO is enabled. Instead, external users should use the dedicated external user login page, located at...

  • https://yoursubdomain.tribalhabits.com/accounts/external

This URL is included in the invitation for external users and this URL is used to replace all other URLs in any notification emails sent to these users.

Did this answer your question?