
# SSO for Large Teams

### Introduction

Managing login credentials for hundreds or thousands of employees presents significant operational challenges for large organizations. Single Sign-On (SSO) addresses these challenges by allowing employees to access equipme using their existing credentials from a central identity provider like Microsoft Entra ID. This approach reduces password management overhead while strengthening security and improving user experience.

### Understanding SSO in equipme

#### How SSO Authentication Works

equipme integrates with your organization's identity provider (such as Microsoft Entra ID) to enable seamless authentication. The system uses a username matching process:

**When usernames match**: If an employee's username in your SSO provider matches their equipme username, they gain immediate access through SSO authentication.

**When usernames don't match**: Employees are directed through a registration process. Note that this creates a new, separate tenant rather than adding the user to your existing customer account. To avoid this, ensure usernames are synchronized between systems before enabling SSO.

#### Linking Existing Local Accounts

Employees with pre-existing equipme accounts (created with a username and password) need to link these accounts during their first SSO login. The linking process requires email verification to ensure a secure connection between their existing equipme profile and their SSO identity. This typically applies only to organizations enabling SSO after employees have already been using local authentication.

### Configuration Steps

#### 1. Enable SSO Provider Integration

equipme supports multiple identity providers, with Microsoft Entra ID being the most common. Once configured, your SSO provider appears as a login option on the equipme sign-in screen based on platform settings.

For Microsoft Entra ID specifically, administrators must grant consent once at the organizational level. This one-time consent allows all eligible users within your organization to authenticate via SSO without individual activation.

#### 2. Set Login Method Preferences

When inviting new employees to equipme, administrators can specify a preferred login method. While this doesn't enforce SSO exclusively, it encourages adoption by presenting SSO as the recommended option during onboarding.

equipme maintains flexibility by supporting both SSO and traditional username/password authentication. This dual-method approach is useful during transition periods or for accommodating specific use cases.

#### 3. Configure Access Controls

Control which employees can access equipme through SSO by managing permissions directly in your identity provider (such as Entra ID). This centralized approach allows you to:

* Grant or revoke SSO access from a single location
* Apply group-based access policies
* Maintain consistent security controls across applications

### Best Practices for Implementation

**Synchronize usernames**: Before enabling SSO, verify that usernames match between your identity provider and equipme to prevent registration issues.

**Communicate during onboarding**: Clearly instruct new employees to select SSO as their login method during their first access.

**Provide linking guidance**: For employees with existing accounts, prepare support documentation explaining the account linking process.

**Leverage invitation preferences**: Use the preferred login method setting when sending employee invitations to establish SSO as the standard from day one.

**Test with a pilot group**: Consider enabling SSO for a small group first to identify any username mismatches or integration issues before full deployment.
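The username check recommended above, and the mismatch hunt suggested for the pilot group, can be run as a pre-flight comparison of two user exports before SSO is switched on. The script below is an added example, not equipme or Microsoft code: the CSV column names and the sample rows are constructed, and because this page does not say whether matching is case-sensitive, case-only differences are reported for review rather than counted as matches.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a documented format.
IDP_EXPORT = """userPrincipalName
alice@example.com
Bob@example.com
carol@example.com
dave@corp.example.com
"""
EQUIPME_EXPORT = """username
alice@example.com
bob@example.com
carol@example.org
erin@example.com
"""

def load(text, column):
    """Read one column of a CSV export, dropping blanks and stray whitespace."""
    rows = csv.DictReader(io.StringIO(text))
    return [r[column].strip() for r in rows if r[column] and r[column].strip()]

def compare_usernames(idp_names, app_names):
    """Classify each IdP username by how it lines up with the equipme usernames."""
    exact = set(app_names)
    folded = {n.casefold(): n for n in reversed(app_names)}
    by_local = {n.split("@")[0].casefold(): n for n in reversed(app_names)}
    report = {"match": [], "case_only": [], "domain_differs": [],
              "missing": [], "equipme_only": []}
    paired = set()
    for name in idp_names:
        local = name.split("@")[0].casefold()
        if name in exact:                      # safe: identical in both systems
            report["match"].append(name)
            paired.add(name)
        elif name.casefold() in folded:        # review: differs only by letter case
            other = folded[name.casefold()]
            report["case_only"].append((name, other))
            paired.add(other)
        elif local in by_local:                # review: same local part, other domain
            other = by_local[local]
            report["domain_differs"].append((name, other))
            paired.add(other)
        else:                                  # no equipme account at all
            report["missing"].append(name)
    # Local accounts with no IdP counterpart keep relying on password login.
    report["equipme_only"] = [n for n in app_names if n not in paired]
    return report

if __name__ == "__main__":
    result = compare_usernames(load(IDP_EXPORT, "userPrincipalName"),
                               load(EQUIPME_EXPORT, "username"))
    for category, entries in result.items():
        print(f"{category}: {entries}")
```

Every entry outside `match` is a user who may be sent through registration on first SSO login, so resolve those rows before enabling SSO for that group.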

### Common Scenarios

**New employee onboarding**: New hires should select SSO when prompted to choose their login method during initial registration.

**Existing employees transitioning to SSO**: Current users with local accounts complete a one-time email verification to link their accounts during their first SSO login.

**Restricting access**: Remove or modify user permissions in your identity provider to control equipme access without managing credentials directly in equipme.

