FAQs for Single Sign-On

If you are considering Single Sign On (SSO) to access your BoardEffect account, This topic includes a list of frequently asked questions to help you decide whether an SSO integration is right for your organization.

Does BoardEffect provide a testing or sandbox environment to test the SSO setup?

We do not provide a testing or sandbox environment. However, you can test SSO in your BoardEffect platform by creating test users in your directory, and then using their credentials to sign in.

Are system administrators required to manually change every User ID in BoardEffect?

No, you do not have to change the User ID in BoardEffect. To validate users, our SSO token confirms their BoardEffect login is the same as your organization's Identify Provider (IdP). If the User ID does not match, you will need to update either the user name or email address at the IdP.

When adding new users, do system administrators need to enter a BoardEffect password, since we use our organization's network passwords?

Yes, you are required to enter a BoardEffect password when you create a new user, even though SSO users do not use it to sign in. To reduce confusion, the Password field is not available when SSO users view their profile.

Can a user sign in to BoardEffect if their password expires?

An SSO user does not need their BoardEffect password to sign in. Therefore, if the BoardEffect password expires, there is no impact. However, if their network password expires, they need to reset the network password to sign in. The network password is not controlled by BoardEffect settings; it is controlled by your organization's network system policies and IT department.

Note

Once a user logs in with their SSO credentials, they are required to always use their SSO credentials.

Can an SSO user change their network password?

Yes, users can change their network password at the IdP endpoint.

So, password are managed within our local network?

Yes, your organization's IT department is responsible for resetting network passwords.

Can we use the settings in our IdP network for BoardEffect, such as requiring users to reset their passwords every 90 days?

Yes, your network's password requirements override the BoardEffect policies.

Can an organization use more than one SSO integration for a platform? For example, can an organization run Okta and SAML at the same time?

Yes, you can use more than one integration, as long as they provide different authentication services. This means you can run both Okta and Security Assertion Markup Language (SAML) at the same time, but you cannot use two Okta integrations.

Who is responsible for creating and maintaining the SSO platform at my organization?

Your organization's IT team is responsible for setting up the SSO integration with BoardEffect. Your IT resource can reference the Integrations page in their Settings for instructions.

Does BoardEffect support Single Logout (SLO)

No, BoardEffect does not support SLO at this time.

Does BoardEffect support LDAP?

No, BoardEffect does not support lightweight directory access protocol (LDAP). However, we can support active directory federation services (ADFS).

Can my organization use our metadata (just our IdP or InCommon federation metadata) to extract and configure a metadata import?

No, BoardEffect does not support data configuration via a metadata import. However, you can manually configure SAML at your organization to integrate client metadata.

Can I use SSO on my mobile device?

Yes, as long as you are connected to the internet, you can use SSO on your mobile device.

I cannot setup the Azure active directory integration. What am I doing wrong?

To troubleshoot, check the SSO logs in your settings. To access the SSO logs:

  1. Sign in to BoardEffect.

  2. On the BoardEffect home page, on the left-side Navigation Bar, select Site Settings .

  3. Select Integrations.

  4. From the Single Sign-On tab, select Single Sign-On Logs on the bottom right.

  5. To view the logs, select from the Start Date/ Time and End Date/ Time filters, and then select Filter.

    You can also check your SSO integration language. Our active directory integrates with OpenID Connect (OIDC), not SAML. To change your access directory, contact your organization's IT resource.