Skip to main content
All CollectionsIT/SecuritySingle Sign On
How Single Sign-On Works within Creative Force
How Single Sign-On Works within Creative Force
Ian Mitchell avatar
Written by Ian Mitchell
Updated over 2 years ago

This is an article that goes over how Single-Sign-On works within Creative Force.

Login

Password Login

  • From the screen login by password form:

    • Type in your Email and Password then click login.

SSO Login

  • From the Creative Force Log in screen, choose SSO LOGIN

  • From the screen input email, type email and next

    • In most cases, you will be redirected to your IdP login form.

    • In special cases, you may need to input the studio domain before going to IdP login form.

After logging in from IdP, the user will be redirected to Gamma.

To switch users on the IdP, the current user needs to log out from the IdP.

Users management

Login mode

One user can only have one or both of the following Login modes:

  • SSO Login: When a user exists on the IdP AND the CF Instance is set up to use SSO

  • Password Login: When the user is invited via Gamma OR Admin sets the password for a user

Add new user via IdP

  • Once SSO is set up, all users on IdP (who are assigned to Creative Force) will be able to use login to Creative Force via the IdP

  • If an admin does not set a password for users in Gamma then users only have SSO login available

  • If an admin sets passwords for users in Gamma then users will have both login modes available

Notes: If your IDP does not support SCIM (such as ADFS), then you will have to remove users manually using Gamma.

Add new user via Gamma

  • Admin can still invite users directly from Gamm and they will be able to sign up and set their password.

    • If the user does not exist in the IdP → The user can only log in via their password

    • If the user exists in the IdP → The user can log in either via SSO or their password

Removing users via IdP

  • If a user only has SSO login mode, then you only need to remove the user from IdP:

    • If you set up SCIM, then the user should be locked immediately from Creative Force automatically

      Otherwise, the user can continue working within Creative Force until they log out or an Admin removes the user via Creative Force

  • If the user has both login modes, then that user can continue working within Creative Force with their password until Admin locks or removes the user account within Creative Force

Remove user via Gamma

  • If a user has SSO login mode, the admin cannot remove the user via Gamma, because the user can still log in via the IdP. See the Add new user via IdP of this article. The user should be removed via the IdP

  • If the user only has password login mode, then a Creative Force Admin can remove the user via Gamma

SSO Administration

SSO with 2FA and password policy

  • 2FA and password policies aren’t applied for SSO users. These policies belong to the IdP.

Remove SSO

  • In case you need to remove Single Sign-On, please reach out to Customer Support via in-app chat or support@creativeforce.io

Troubleshooting SSO

  • If you have any issues with SSO, the Creative Force Account Owner can always can log in via their password and update the settings. Alternatively, you can reach out to Customer Support via in-app chat or support@creativeforce.io

  • On SSO Login, if you have an error message of “The provider email does not match”, it seems you are trying to login with an email that is different from the remembered user on your IdP. Solution: You need to log out the remembered user on your IdP, and try again.

Related Articles
Security settings
How to set up Single Sign-On within Creative Force
SSO: Log in directly from user's IDP
April 11th – Sprint 124 Release Notes
Login via external-browsers
Did this answer your question?