Google Single Sign On (SSO) Is a newly released feature that may not be available yet on your account. If you would like us to enable this feature for your account please reach out to firstname.lastname@example.org.
If you are using GSuite for your organization's email then you may want to consider allowing your users to login to Script using their Google account credentials. Giving your users the option to login with Google means one less password for them to remember. Additionally depending on your needs you can optionally white-list your domain so that any user with an email at your domain can login to your account without needing an invite. This is great for cases where you want everyone in your organization to have basic Script access to view their Inbox and submit workflows.
Enabling Google SSO
In order to configure your account's login experience (Including Google SSO) you must be an account owner.
Select "Settings" from the navigation bar
Select "Login and SSO" from the navigation bar
Click the Toggle Switch to Enable Google SSO
Once the switch is enabled then you will see additional settings. The default settings require that a user already has an account.
Your login page should now have a Log in with Google Button
At this point any existing user will be able to login with Google if the email used for their username matches that of the Google Account they are logging in with.
Customizing the Login Experience
Different organizations have different use cases for how they want to use Single Sign On. We provide several options to help tailor the login experience to your needs.
Whitelisting Your Domain
We provide the ability to whitelist the domain that users can login to Script with. This will enforce that people only use google accounts that belong to the specified domain.
Having a whitelisted domain is a prerequisite to using the automatic account creation feature discussed below.
Setting the New User Behavior
The experience that someone has when they log in with Google for the first time and they don't already have a user created in your Script account is governed by the new user behavior settings.
By default, if a user does not have an account they are denied access.
If you want to allow anyone with an email address on your domain to login to Script without needing to pre-invite them then first Whitelist your Domain as described above. Then you will be able to set the First Login Behavior to "A user is created automatically for all new users who log in using SSO."
Once you toggle this setting you will see the "Default Access Level" dropdown appear that specifies the level of access you would like new users to have. In the default configuration only Inbox access is granted. This is the least permissive option that only allows users to complete submissions but not see workflows or forms. We recommend keeping this set to Inbox for Automatic Account Creation.
If you would like all members of your organization to have access to workflows and forms then you can change the Default Access Level setting to "Dashboard"
Now that this option is enabled any user that tries to login with an email from your domain will be presented with your organization as a login option. If you manage multiple organizations all organizations that you whitelist will be presented to users to pick from as they login.