Articles in this section

Connect Administration: SSO Overview

Avatar
Jay
  • Updated

Extensis Connect can integrate with popular cloud providers of SSO login services.

Currently the services we support are:

  • Azure AD, from Microsoft
  • Okta, from Okta

We will be adding more services based on demand. If we don't yet support your service, please use this form let us know which one you use.

Three-part setup

In order to use your SSO provider to allow your users to log in to Extensis Connect, you will need to follow these basic steps:

  1. Claim your domain(s) within Extensis Connect.
    We will give you a setting to add to your domain servers so that we can ensure that you are who you say you are (and that others cannot claim to be you).
    Claim your domains
  2. Add Extensis Connect as a Web app to your provider.
    This varies for each provider.
    Add Extensis Connect to Azure AD.
    Add Extensis Connect to Okta.
  3. Configure your directory service within Connect.
    This generally involves copying information back from your provider, then testing the connection.
    Configure your provider within Extensis Connect.

Adding users

Once you have Extensis Connect and your SSO provider talking, you will still need to add your users to Extensis Connect.

Users added to Connect must use the same email as their "User Principle Name" or "Primary Email Address" specified on their user accounts in your respective SSO provider.

There are currently two ways to add users to Connect:

  • Manual invitation
  • Bulk import (for Connect Fonts only)

NOTE for Gmail, Hotmail, etc... logins:    Users using a login with a different domain than the one SSO is enabled for, will not be directed to the SSO sign on. They will instead by directed to the normal connect.extensis.com login screen and use their extensis password to log in.

Restricting access

Many service providers allow you to grant access for users or groups to a Web app. For example, when you add Extensis Connect to your provider, you can also allow individual users or groups to have access to Connect.

While Connect will obey these restrictions, you will still need to add each user as an individual account in Connect itself (and remove that user from Connect if they leave the organization or if their role changes). For this reason, we recommend against using this feature of your provider at this time.

Adding users manually

  1. Log in to Connect (https://connect.extensis.com/administration/users) with administrator credentials.
  2. Click Invite User.
  3. Enter the user's email address and first and last names.
    In order to use SSO, the email address needs to be in one of the domains that you claimed in Step 1 of the three-part setup.
  4. Select User as the Role, then specify what features the user will have access to: Assets, Fonts, or both.
    If you select Fonts, you can change Font Permission to Modify and allow the user to Collect (Fonts) For Output. Modify allows the user to add and remove fonts from shared libraries, and Collect For Output will allow the user to download any selection of fonts.
  5. Click Send Invite.
    Extensis will create an account for the user and generate a random password, then send the user an email with the password and instructions to activate their account.
    The user will receive a second email inviting them to join their teammates, with a link that will launch Extensis Connect.

Important: Since the user emails that are sent automatically may confuse users that will log in using SSO, you may wish to delay adding users until you have configured SSO and sent a blanket email alerting users to what is coming (such as, emails from Extensis that they should ignore).

Importing users for Connect Fonts

With a carefully-crafted .CSV file, you can import a list of users for Connect Fonts so that you can avoid the hassle of manually sending invitations to more than one user.

Rather than repeat ourselves, please see the article Connect Fonts: Importing a list of users.

The bulk import option allows you to import Connect Fonts users and create accounts for them.

Important: In the Import users dialog, you have the option to Send invitation email to all imported users.

If you select this option, each user that you import will be sent an email with a random password and a link where they can log in and validate their account, then a second email with instructions to launch Connect Fonts.

If you deselect this option, imported users will not receive any emails from Extensis. This will allow you to configure Connect to use with your SSO provider, then send emails to users at your leisure.

Handy tip for users of Connect Fonts and Assets

If you have an account that includes access to both Connect Fonts and Connect Assets, then you can simplify adding users by using bulk import.

  1. Create a .csv file that includes users that will only be assigned to use Connect Assets.
    Omit any users from this list that you want to assign the role of Administrator.
    This might seem backwards, but keep going, it will become obvious how clever you are.
  2. Import the users, but do not send invitation emails.
  3. Edit each user. Remove Connect Fonts, and add Connect Assets to their roles, then save the changes.
    This is the most tedious part, but it is still easier than adding each user manually.
  4. Create another .csv file that includes users that will have access to both Connect Fonts and Connect Assets.
    This list should also include any users that you want to be Administrators.
  5. Import the users, but do not send invitation emails.
    That would spoil the surprise.
  6. Edit the users that you want to be administrators and set that role.
  7. You can also edit any users where you want to give more permissions for accessing Connect Fonts.
    By default, imported users cannot create sets or add fonts, and cannot collect fonts for output.
  8. Create the third and final .csv file. This one should include users that will have access to Connect Fonts only.
  9. Import the users, but again, do not send invitations.
  10. Edit any users where you want to give more permissions for accessing Connect Fonts.

With this method, you will only be able to import as many users as you have open Fonts seats at one time. For example, if you have 50 Assets seats but only 25 Fonts seats, you will have to perform two .csv imports to fill up your seats.

Tip-within-a-Tip

If you have a subscription to Connect Assets but not Connect Fonts, you will not have access to the bulk import feature. (If you think this is lame, please use the Give Feedback link at the bottom of the sidebar on the left. Please be more articulate than calling this lack "lame".)

Here is a somewhat less-than-lame suggestion to import users to a Connect Fonts trial, then switch them over to Connect Assets users. This will allow you to import 5 users at a time. (Well, it's better than nothing.)

  1. To start your trial, click the Fonts tab in the Extensis Connect Web app, then click Explore Connect Fonts.
  2. On the Connect Fonts web page, click Start Free Trial (don't click "Start a Trial" at the top left!).
  3. Fill in the Returning Customer fields and click Log in.
    When the Extensis website finally shows you a Welcome page, you can close it.
  4. If you have a browser window showing Connect Admin or Connect Assets, log out.
  5. Log back in to Extensis Connect. You can look at the Fonts screen if you want to. Cancel any dialogs that come up.
  6. Switch to Admin. If all went well, then at the bottom of the sidebar on the left you'll see "Fonts: 1 of 5 seats used".
  7. If you don't see the Fonts section at all, then all did not go well. Click the Give Feedback link at the very bottom of the sidebar on the left, and let us know that you can't access the Connect Fonts trial that you signed up for. (While you're at it, ask if we can set the trial for more users. Don't be shy; ask for as many as you want. We suggest asking for the same number as you have Assets seats.)
  8. If you see "0 of 5 seats used" then you are smart! You are already the License Manager, and don't have any Administrators assigned. Skip the next step.
  9. If you already have Fonts seats used, then you have Administrators assigned.
    1. Assign yourself as the License Manager.
      If someone else is License Manager, temporarily remove them, or if you have an Assets seat available, assign them as an Assets user.
    2. Re-assign all Administrator users as Assets users. (First select User, then check Assets.)
      This frees up all of your Fonts seats to use for importing.
  10. Create a .csv file with the email addresses and names of up to 5 people you want to assign as Connect Assets users.
    If you managed to snag a trial with more than 5 seats then by all means, add that many names to your .csv file.
  11. Import the users, but do not send invitations.
  12. Edit the imported users, changing them from Fonts users to Assets users.
    You need to do this after each import, because once the import completes, all of your Fonts seats will be in use, and you won't be able to import any more users.
  13. Repeat steps 10 through 12 until you have imported all of your Connect Assets users.

Related articles