How to Configure Authentication and Access Management?
Authentication and access management allow you to configure user login methods and centralized access management. ConnectiveOne supports SSO (Single Sign-On) through Google and integration with Microsoft Active Directory.
When You'll Need This
- You need to configure Google login for users.
- You need to integrate the system with Microsoft Active Directory for centralized access management.
- You need to simplify the authorization process for users.
- You need to centrally manage roles and access rights.
What's Important to Know
- SSO (Single Sign-On) — technology that allows users to use one set of credentials to access the system.
- Microsoft Active Directory (AD) — tool for centralized management of user accounts through LDAP.
- SSO and AD settings are configured by technical support.
- SSO does not automatically create new users — the user must be pre-created and activated.
Before You Start
- You are logged in with administrator rights.
- You have access to technical support or your manager for configuration.
- For AD: you have an Enterprise support package.
Google SSO Authorization
What is SSO?
SSO (Single Sign-On) is a technology that allows users to use one set of credentials (login and password) to access multiple systems or applications. This simplifies the authorization process and increases both convenience and security.
Supported SSO Method
Currently the system supports only one SSO method — Google. This means users can use their Google account to log in to the system.
Work Logic
Existing user (activated):
- If the user is already registered in the system and their account is activated, they can log in in two ways:
  - Through standard login (login/password)
  - Through SSO using Google credentials
New user or inactive account:
- If the account does not exist in the system or is inactive, authorization will be blocked, even through SSO.
⚠️ Important: SSO does not automatically create new users. The user must be pre-created and activated in the system.
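The login gate described above, as an added example that is not ConnectiveOne's own code. It assumes the Google ID token's signature, audience and expiry were already verified, that only Google-verified addresses are mapped, and that the email match (see SSO Limitations) is case-insensitive; `LocalUser`, `USERS` and `sso_login_decision` are hypothetical names.

```python
# Added illustration, not ConnectiveOne code; all names here are hypothetical.
from dataclasses import dataclass

GOOGLE_ISSUERS = ("https://accounts.google.com", "accounts.google.com")

@dataclass
class LocalUser:
    email: str
    active: bool

# Constructed sample of the local user table, keyed by lowercase email.
USERS = {
    "anna@example.com": LocalUser("anna@example.com", active=True),
    "oleh@example.com": LocalUser("oleh@example.com", active=False),
}

def sso_login_decision(claims, users=USERS):
    """Return (allowed, reason) for ID-token claims whose signature,
    audience and expiry were already verified upstream (assumption)."""
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "untrusted issuer"
    # Assumption: only addresses Google marks as verified may be mapped.
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    # Assumption: the email match is case-insensitive.
    email = str(claims.get("email", "")).strip().lower()
    user = users.get(email)
    if user is None:
        # No just-in-time provisioning: unknown emails are rejected.
        return False, "no local account"
    if not user.active:
        return False, "account inactive"
    return True, "ok"

if __name__ == "__main__":
    token = {"iss": "https://accounts.google.com",
             "email": "Anna@Example.com", "email_verified": True}
    print(sso_login_decision(token))
```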
Examples of Login Page Appearance
SSO is the primary login method:
- The page displays a large and bright element for login through Google SSO
- Additionally, a button for standard login with login and password is shown
- Convenience and speed of login through Google are prioritized
Standard login is the primary method:
- First, a login form with login and password is displayed
- Google SSO is available as an additional option with less visual prominence
SSO Configuration
💡 Note: For SSO configuration, contact technical support or your manager.
SSO configuration is performed by technical support and includes:
- OAuth 2.0 configuration with Google
- Redirect URI configuration
- Email address mapping configuration
- Authorization testing
SSO Limitations
- Only Google SSO is supported
- User must be pre-created and activated in the system
- Email in Google account must match email in ConnectiveOne
- SSO does not automatically create new users
SSO Benefits
- Convenience — one login for all systems
- Security — centralized access management
- Speed — faster login without entering password
- Fewer passwords — reduced risk of password loss
Microsoft Active Directory (AD) for Access Management
What is Active Directory?
LDAP (Lightweight Directory Access Protocol) is a protocol for accessing information about users and resources stored in a corporate directory, for example, Microsoft Active Directory (AD).
Active Directory is a Microsoft tool for centralized management of user accounts, their rights, and access to organization resources.
Work Logic with Active Directory (AD)
In ConnectiveOne, Active Directory capabilities are used for managing employee authorization. User management is performed entirely through AD, and authorization relies on verifying user data over LDAP.
User verification:
- If the user's email is found in AD, they are allowed to log in to the system
- If the email is not found in AD, login is blocked
User data updates:
- On each login attempt, the system updates the user's role to the one passed from AD
- Other data synchronized through LDAP is also updated (for example, name, position, etc.)
Access blocking:
- If the user is deleted from AD or their account is deactivated, login to the system will be impossible
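The AD login flow above, as an added example that is not ConnectiveOne's own code. It assumes the lookup is an LDAP search on the `mail` attribute, that roles come from `memberOf` group membership, and that an ambiguous match or a user with no mapped group is refused; the group DNs and function names are hypothetical, and the error strings are the ones listed under Authorization Errors on this page.

```python
# Added illustration, not ConnectiveOne code; group DNs and names are hypothetical.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

GROUP_ROLES = {  # hypothetical AD group DN -> application role mapping
    "CN=C1-Admins,OU=Groups,DC=corp,DC=example": "admin",
    "CN=C1-Operators,OU=Groups,DC=corp,DC=example": "operator",
}

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters so the email stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def mail_filter(email):
    return "(&(objectClass=user)(mail=%s))" % escape_filter_value(email)

def ad_login_decision(entries, local_user):
    """entries: AD search results for mail_filter(email), as attribute dicts.
    local_user is updated in place only when login is allowed."""
    if not entries:
        return False, "User not found in AD"
    if len(entries) > 1:
        # Assumption: an ambiguous email match is refused, not guessed.
        return False, "Ambiguous AD match"
    entry = entries[0]
    if int(entry["userAccountControl"]) & ACCOUNTDISABLE:
        return False, "Account disabled"
    roles = [GROUP_ROLES[g] for g in entry.get("memberOf", []) if g in GROUP_ROLES]
    if not roles:
        # Assumption: no mapped group means no access (deny by default).
        return False, "No mapped role"
    # Role and profile data are overwritten from AD on every login.
    local_user.update(role=roles[0], name=entry.get("displayName", ""),
                      position=entry.get("title", ""))
    return True, "ok"

# Constructed sample entries: 512 = normal account, 514 = 512 | ACCOUNTDISABLE.
ACTIVE = {"mail": "anna@example.com", "userAccountControl": "512",
          "displayName": "Anna K.", "title": "Support Lead",
          "memberOf": ["CN=C1-Operators,OU=Groups,DC=corp,DC=example"]}
DISABLED = dict(ACTIVE, userAccountControl="514")

if __name__ == "__main__":
    user = {"email": "anna@example.com", "role": "admin"}
    print(mail_filter(user["email"]), ad_login_decision([ACTIVE], user), user)
    print(ad_login_decision([DISABLED], user))
```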
Configuration and Connection
Connection to Active Directory and synchronization configuration through LDAP is performed by technical support.
⚠️ Important: This function is available only within the Enterprise support package.
Configuration includes:
- Specifying the AD server address (LDAP URL)
- Role and user data synchronization configuration
- Verification that access and rights are correct
- Synchronization frequency configuration (if necessary)
Integration Features
This approach allows centralized management of employee access and roles, reducing administrative load.
Changes in user access rights in AD are automatically updated in our system on the next authorization.
Authorization Errors
In case of an error, you receive a description of the problem.
Typical errors:
- "User not found in AD" — user not found in Active Directory
- "LDAP connection failed" — error connecting to AD server
- "Invalid credentials" — incorrect credentials
- "Account disabled" — account deactivated in AD
AD Limitations
- Function is available only for Enterprise clients
- Configuration by technical support is required
- User email must match in AD and ConnectiveOne
- Changes in AD are reflected on next authorization (not in real time)
AD Benefits
- Centralized user management
- Automatic role and rights synchronization
- Reduced administrative load
- Increased security through centralized access management
What Happens Next
After configuring SSO or Active Directory, users can use new login methods. When using AD, changes in access rights are automatically synchronized on the next authorization.
How to Verify Everything Worked
- Check that SSO or AD is configured by technical support.
- Test login through SSO or AD with a test user.
- Ensure that users have correct access rights.
- Check that role synchronization works correctly (for AD).