Before you begin:
Before your enable SSO please contact FAT FINGER Support or your Success Coach to notify them them of the intent to enable SSO. This will ensure a successful configuration and avoid any related issues with existing users or while inviting new user to the system.
Identify your Azure AD IT Admin that will assist with enabling your Azure AD Instance and will consent on behalf of users. An existing Azure AD Admin has the option to consent on behalf of all users to avoid each user, on first time login, to consent to using FAT FINGER.
You must be an Admin in FAT FINGER to enable your account for SSO or work with your Success Coach to have them enable the account.
Please note that the following instructions could vary dramatically due to every companies Azure AD Policies and Configurations. These instructions are best case scenario. At anytime feel free to contact the FAT FINGER team to assist and/or walk through the process in real time.
Step 1: Setup and Consent Azure AD Instance
Working with your Azure AD Admin, ask them to login to FAT FINGER via the Sign In With Microsoft button on the login page. See link and screenshot below:
Tip: Taking a few screenshots along the way will help with any troubleshooting.
Note: that the Azure AD Admin doesn't have to have been invited or a user of the system for this step.
once clicked, the Admin should be prompted to login through SSO or most cases the user is already logged in through the SSO AD provider. They will be presented with steps to consent for or on behalf of All Users. Note: This might or might not be the case and could vary based on Azure AD policy.
If the Admin didn't have an account in FAT FINGER they will receive and error which is perfectly fine otherwise a valid login should occured.
If any issues occur here please contact FAT FINGER support via messenger or contact your Success Coach.
Step 2: Enable FAT FINGER Account for SSO
The following step enables your FAT FINGER account to support Azure AD Authentication. In addition, it establishes your companies email address domain name to know how users are on boarded when receiving email invites.
Users with SSO will not be required to setup a password when invited to FAT FINGER unlike users that are outside your company. i.e if you invite a user outside your company, with a different email domain name, then that user is required to setup a password.
Login to FAT FINGER as an Admin.
Navigate to the Settings Page. Link can be found in the left nav bar.
Click Azure AD Tab
Click the Activate switch to turn on SSO
Enter a whitelisted domain name: normally this is your company's domain name. example: If your email is firstname.lastname@example.org you will want to enter company.com
Important: If this is not correct your user invites will not onboard correctly.
Click Save Changes.
At this point SSO should be configured and working properly. As you invite other users in your company to fat finger they will not be ask to setup a password. If this is not the case please contact FAT FINGER support.
Note that existing users prior to SSO setup can continue to use both their existing password that they initially established and SSO.