Google Apps Single Sign On (SSO) lets your team members sign in to Routable using Google Workspace credentials, and is the easiest way to let your members sign in to Routable using Google.
When SSO is configured, this will allow for:
-
Easier login for employees
-
Knowing only employees with valid credentials have access to Routable
-
Multi-Factor Authentication (MFA)
Require Google Apps SSO vs. Optional Google Apps SSO
With “Google Apps SSO”, you can use Google to authenticate Routable team members, and configure it to either require Google login or make it optional for members of your team.
Getting started with Google SSO
Only those with an administrator and IT administrator role in Routable can access and configure Google Apps SSO settings.
Set up steps
Visit Single Sign-on in Account Settings
-
Log into Routable
-
Navigate to Settings then Single Sign-On
-
In the Single Sign-On section, select Google Apps SSO as your preferred authentication method.
-
Click Configure
-
Choose either Require Google Apps SSO or Optional Google Apps SSO
Require Google Apps SSO
We recommend this option if everyone on your team uses a Google domain.
This option requires that members authenticate with Google Sign-In (which means that their email addresses must correspond to a Google account).
After enabling Required Google Apps authentication for a Routable organization:
-
Team members can use their email and password to log in to Routable until they log in with Google for the first time
-
Once they log in with Google, they won't be able to log in with email and password again
☝️ Admins and IT admins can still log in using a password.
Optional Google Apps SSO
We recommend this option if not all members of your team use a Google domain. Everyone will have the option to log in with a password.
After enabling Optional Google Apps SSO authentication for a Routable organization:
-
All members can log in with email and password or Google Apps SSO
-
Changes to a member's access made in Google will impact that member when they next login to Routable
Lastly, after selecting either Required or Optional, click Turn On Google Apps SSO
🎗️ Keep in mind that once Google Apps SSO is turned ON, your team members will see a new login screen when they next login to Routable. Be sure to let all members know about the change.
⭐ Important: Users with disabled Google accounts are still Routable members until you remove them from your team in Routable. They will no longer be able to access your Routable workspace, but they will continue to be considered a Routable member until disabled. Depending on their role, this could impact your pricing.
Two-factor authentication and Google Apps SSO
Routable supports two-factor authentication set up in Google, which requires members to enter a code from an authenticator app when logging in:
-
For members who have enabled two-factor authentication, Routable asks for the code entry after the identity provider login process is complete
-
Routable utilizes the two-factor authentication, which may or may not be enabled for your Google Workspace account
Disabling Google Apps SSO
If you’d like your workspace to go back to using Routable’s built-in authentication, you can turn off Google Apps SSO. When SSO is turned OFF, members will sign in using their email address and Routable password.
⭐ Note: Only Administrators and IT Administrators can access and configure Google Apps SSO settings
How to turn off Google Apps SSO
1️⃣ Log in to Routable with Administrator or IT Administrator permissions.
2️⃣ Navigate to to Settings -> Single Sign-On
3️⃣ Click Disable
Members will receive an email to let them know about the change and to remind them to set a password if they don’t already have one. Members who receive this email when already signed in to Routable will remain logged in.
⭐ Note: Members can also click on Forgot Password to set up a new password.
FAQ’s
When do changes made in Google take effect?
Changes to a member's access made in Google, such as restricting employee access to email, archiving, or deleting emails, will impact that member when they next login to Routable.
If Google Apps SSO is enabled, how often will members have to login?
Routable’s Google Apps SSO feature includes an extra layer of security allowing members to stay logged in securely for long periods of time as long as they are using Routable frequently. Every day, Routable validates member access and activity which securely provides access for 30 days.
So long as members don’t go inactive for more than 30 days, they will remain logged in.
Does restricting employee access to email, archiving, or deleting emails in Google remove the membership in Routable?
No. If a member's Google account has been disabled, they will no longer be able to access your Routable workspace, but they will continue to be considered a Routable member until disabled in Team Management. Depending on their role, this could impact pricing.
Will Routable members who use Gmail but who don’t have a company email be able to use Google Apps SSO?
Yes, members with a Google Workspace email with a different email domain will be able to use Google Apps SSO as long as they are a Routable member using that same email address for their Routable account.
Who can change SSO settings?
Only Administrators and IT Administrators can access and configure Google Apps SSO settings.
Does Routable offer 2FA / MFA?
Routable offers two-factor authentication set up in the Identity Provider and enabled through single sign-on (Google Apps SSO or SSO with SAML.)
Can we switch from Require Google Apps SSO to Optional Google Apps SSO?
Yes, click the Edit button, found under Google Apps SSO settings, to switch the configuration. The changes will take effect the next time a member logs in.
Is there any way to bypass Google Apps SSO once turned on?
Yes! There are three ways to bypass Google Apps SSO once turned on:
1️⃣ You can log in as an Administrator or IT Administrator using your username and password
2️⃣ An Administrator or IT Administrator can configure Google Apps SSO to be Optional which allows log in with username and password also.
3️⃣ If you have access to another Routable workspace you can securely log in there, and switch to your approved workspaces, using Routable’s Quick Switch feature.
Does Routable allow for enforcement of 3rd party authentication providers within Google App SSO?
Yes! If your Google Workspace enforces a 3rd party authentication provider (such as Okta, Ping etc.) your team members will be presented the 3rd party authentication mechanism first and then will be able to login to their Google account.
Does Routable offer SSO with SAML?
Not at this time, but this is something we hope to offer soon.
I work for an accounting firm and access the workspaces of our clients, can our client use Google Apps SSO?
Yes. However, if you log into their workspace using username and password, ensure they have configured Google Apps SSO to be Optional.
If your accounting firm uses Google for authentication, you can also login to your clients’ workspace with Google, as long as the Gmail address used matches your Routable membership.
Our company uses an accounting firm who has access to our workspace, can we use Google Apps SSO?
Yes. However, if they login to your workspace using username and password, ensure you have configured Google Apps SSO to be Optional.
If your accounting firm uses Google for authentication, they can also login to your workspace with Google, as long as their Gmail address matches their Routable membership email.
Our company uses an accounting firm who has access to our workspace and we have Google Apps SSO configured as Required - how can the accounting firm login?
If your accounting firm uses Google for authentication, they can also login to your workspace with Google, as long as their Gmail address matches their Routable membership email.
Or, if the accounting firm has a Routable workspace of their own or if they have other clients with Routable, they can log in through the other workspace’s secure authentication method, and switch to your workspace using Routable’s Quick Switch feature.
Comments
0 comments
Please sign in to leave a comment.