SSO and Active Directory
Cards is compatible with many SSO systems, allowing your users to log in via their professional account very easily and securely.
We also offer an option to automatically synchronize users and groups from your Active Directory.
SSO is an optional feature in Cards and requires some configuration, both on our side and on yours, to authorize the application.
You must therefore contact us to speak with someone from our technical team, who will support you (or a person from your tech team) through the implementation.
The steps to configure SSO are as follows:
We share a configuration link with you, allowing you (or your technical team) to configure your provider to authorize SSO connection to your Cards space.
Once your configuration is complete, we activate the option on your space, which will allow you to choose the "SSO" connection mode for your users.
Before enabling SSO for all your users, you can run a test on one of your accounts to check that everything is working correctly.
Cards is compatible with the SCIM protocol, allowing you to automatically synchronize users and groups from your Active Directory.
The configuration steps are as follows:
We share with you a configuration link, allowing you (or your technical team) to configure your provider to authorize synchronization with your Cards space.
Once your configuration is complete, we activate the option on your space, and complete the necessary configuration on our side.
You can then go to the “My space” > “SSO Enterprise” page, and see that the configuration is complete. You can then return to your provider (Azure for example) and add users or groups to the synchronization.
Synchronization speed depends on your provider (for example on Azure, synchronization occurs approximately every 40 minutes). As soon as the first elements are received, you will be able to see them on your “SSO Enterprise” page.
Synchronization is one-way only, in the direction Provider -> Cards. Groups or users that you create directly in Cards will not be sent to your Active Directory.
Thanks to synchronization, you will be able to create users in your provider, and these will be automatically created in Cards.
The same applies to groups: once a group is created in your provider, it is automatically created in Cards, and its members are added. If the members of your group do not yet have a Cards account, they are created on the fly, with the "SSO" connection mode.
On your “Enterprise SSO” page, you will be able to see the user synchronization status:
For each user, you will be able to see if they have been created in Cards or not yet. If necessary, you can restart the creation of accounts via the "Create users" button, or do it individually per user.
When a cross is present next to the user's email, it means that their access to Cards has been disabled, or that the account has been deleted from your Active Directory. These accounts are not synchronized with Cards, and are deleted if an account previously existed.
On your “Enterprise SSO” page, you will be able to see the synchronization status of the groups:
Here are the actions supported by synchronization:
creation of the group
editing the group (changing the name)
group deletion
adding a person to the group
removing a person from the group.
As with users, you can see if a group has already been synchronized with your Cards space. If necessary, you can restart synchronization, which will cause:
the creation of the group if it does not yet exist
adding members to the group if they are not already there
and if the member of the group to be added does not yet have a Cards account, we create one on the fly
users already in the group on Cards are not removed.
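Because synchronization is one-way and a restarted group synchronization only adds members, it is worth periodically comparing a directory export with a Cards export. The following is an added example, not Cards code: the export structure, the field names, the sample data and the "password" label for a non-SSO connection mode are all assumptions made for illustration.

```python
# Added example: constructed data and field names, not a Cards or SCIM API.

def _lower(emails):
    return {e.lower() for e in emails}

def audit_drift(provider, cards):
    """Compare a directory export with a Cards export.

    provider: {"users": {email: is_active}, "groups": {name: [emails]}}
    cards:    {"users": {email: login_mode}, "groups": {name: [emails]}}
    Returns a dict of sorted findings.
    """
    active = _lower(e for e, on in provider["users"].items() if on)
    cards_users = {e.lower(): mode for e, mode in cards["users"].items()}
    out = {"stale_sso_accounts": [], "local_only_accounts": [],
           "not_yet_created": [], "extra_group_members": [],
           "local_only_groups": []}
    for email, mode in cards_users.items():
        if email in active:
            continue
        # Not active in the directory: either an SSO account that should be
        # gone, or an account created directly in Cards (never sent upstream).
        key = "stale_sso_accounts" if mode == "SSO" else "local_only_accounts"
        out[key].append(email)
    out["not_yet_created"] = [e for e in active if e not in cards_users]
    for name, members in cards["groups"].items():
        if name not in provider["groups"]:
            out["local_only_groups"].append(name)
            continue
        # A restarted sync only adds members, so extras need manual removal.
        extra = _lower(members) - _lower(provider["groups"][name])
        out["extra_group_members"] += [(name, e) for e in extra]
    return {k: sorted(v) for k, v in out.items()}

# Constructed sample exports.
PROVIDER = {
    "users": {"ana@example.com": True, "bo@example.com": True,
              "cy@example.com": False, "di@example.com": True},
    "groups": {"Sales": ["ana@example.com", "bo@example.com"]},
}
CARDS = {
    "users": {"ana@example.com": "SSO", "Bo@example.com": "SSO",
              "cy@example.com": "SSO", "eve@example.com": "password"},
    "groups": {"Sales": ["ana@example.com", "cy@example.com"],
               "Contractors": ["eve@example.com"]},
}

if __name__ == "__main__":
    for finding, items in audit_drift(PROVIDER, CARDS).items():
        print(finding, items)
```

Entries under `stale_sso_accounts` and `extra_group_members` are the ones to review first, since they represent access that the directory no longer grants.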
When a group is synchronized with your Active Directory, you will be able to see it on the group listing with the "AD" tag: