What’s New?

Automatic User Provisioning

Agility Blue now has the ability to automatically enroll users for organizations that take advantage of Single Sign-On!

Single Sign-On (SSO) is a security feature that places identity management back in the hands of the organization and empowers users to take advantage of their company's login process. It allows users to login using a company-provided account instead of having to use an Agility Blue username and password. Agility Blue has offered SSO now for quite some time, but Agility Blue user accounts were required to be made first in order to link the account to an SSO identity provider. With this update, admins can now define a specific set of rules that tell Agility Blue what to do with a user that attempts to use SSO without already having an Agility Blue account. The rules include defining:

• Identity Providers. Admins can select from a list of identity providers that are allowed to take advantage of automatic user enrollment. Supported identity providers include Google (ex. Gmail, GSuite), Microsoft (ex. Azure AD, Office 365), and Saml2 (ex. AD FS, Okta, OneLogin).

• Roles. Admins can select from a list of roles to apply to the new user. Supported roles include Organization User (a standard user) or Organization Administrator.

• Workspace Access. Admins can select from a list of available workspaces to grant access to the new user.

• Trusted Domains. Admins can define a list of one or more domains that they trust.

How does it Work?

When a user logs in using SSO (either by clicking on one of the identity provider buttons on the right-hand side of the login screen or by being redirected to Agility Blue from an idp-initiated login provider), Agility Blue first checks to see if the user already has a linked Agility Blue account. If not, Agility Blue will check through a list of trusted domains. If there is a domain match, Agility Blue will create a new user account with the roles and workspace access defined by the organization's user enrollment configuration.

User Enrollment configuration and other SSO related settings can be found by admins on the authentication tab within the organization details page.