Single-Sign-On

Single-Sign-On is an authentication method that enables a user to use a single User-ID to log into multiple applications.

Depending on the moinAI license, Google ID, Microsoft Entra ID or Azure AD can be used with OpenID Connect (OIDC) authentication (OAuth 2.0 protocol).

If the Single Sign-On segment is not visible, the SSO option has not been activated. The Customer Success Management Team will be happy to activate it for you as soon as possible. 

  1. Activate SSO
  2. Deactivate SSO

Activate SSO

The user address of the hub account must be identical to the address used for Entra ID in order to enable SSO. 

Microsoft SSO is set up in the bot settings, in the section Users & permissions. To open the settings, click on the cogwheel in the top right-hand corner. Click on Edit in the Single sign-on segment to open the settings option for activating the Microsoft SSO.

If the Single sign-on segment is not visible, the SSO option has not been activated. Just send a message to the Customer Success Management Team and it will be activated promptly.

The publication takes effect immediately. If desired, it is possible to activate a one-time 2-factor authentication. This is done via the toggle labeled Require 2FA during Single Sign-On. This 2-factor authentication, which sends a code to an e-mail address, takes effect the first time you log in with the SSO address. For subsequent logins, 2-factor authentication no longer applies.

After setup in the moinAI Hub, no further settings are required in Microsoft Azure or Entra. If necessary, an administrator must give consent; this depends on individual security settings.

The invitations for additional hub accounts contain the necessary information for SSO, if this is activated.

Login to the moinAI Hub takes place without a password and via the login button of the selected SSO provider. 

All unused invites that were sent prior to the activation of SSO lose their validity. Likewise, unused invites sent prior to the deactivation of SSO lose their validity.

Users who receive an SSO invitation have an account without a password. This means that logging in with an email and password is not possible. It is also impossible to reset a password after SSO deactivation. 

If SSO is activated, login is mandatory via the “Login with Microsoft” button. It is essential that users belong to a specific organization as long as the email is suitable for Microsoft login. 

If there is access to several bots and at least one of these bots uses the SSO method, the SSO takes effect for all bots.

Deactivate SSO

Deactivation is basically the same as activation. Instead of selecting a provider, it is now necessary to deselect the provider.

Publication of the deactivation means that login via SSO is no longer enforced; however, it is still possible.