User experience when using SAML 2.0 with Okta

Jason Duryea
Jason Duryea ✭✭✭✭✭✭

We're testing the use of SAML 2.0 for authenticating to Smartsheet. The default login page doesn't include the "Your Company Account" option. It seems users have to somehow know to type in their email address (without a password) and click Log In, at which time Smartsheet recognizes which authentication methods are available for your domain. Then the user needs to click again to login. This just doesn't make for a smooth or user-friendly single-sign-on experience.

Does anyone have any experience implementing SAML 2.0 and have any tips on how to make the user experience better?

Fig 1 - Normal Log In page (notice missing "Your Company Account")

Fig 2 - Login page after entering email address and clicking Log In button


Best Answer

  • Genevieve P.
    Genevieve P. Employee
    Answer ✓

    Hi @Jason Duryea

    What you're seeing/describing is the user experience for the very first time logging in - you are correct that the email needs to be entered in order for the login to recognize what options are available for that account. (See: Available Sign In Options)

    However, once the browser has stored cookie data after this initial login, then the next time they access this page it should automatically skip to your second image and show the available options for that user.

    Another detail that may help make this login experience smoother is adding in a CNAME to your configuration which will automatically send your users to a company specific URL when they enter their email. See step 4 in this article, and the section labelled "Direct People to Sign in at a Friendly CNAME URL".

    Cheers,

    Genevieve

    Need more help? 👀 | Help and Learning Center

    こんにちは (Konnichiwa), Hallo, Hola, Bonjour, Olá, Ciao! 👋 | Global Discussions

Answers

  • Genevieve P.
    Genevieve P. Employee
    Answer ✓

    Hi @Jason Duryea

    What you're seeing/describing is the user experience for the very first time logging in - you are correct that the email needs to be entered in order for the login to recognize what options are available for that account. (See: Available Sign In Options)

    However, once the browser has stored cookie data after this initial login, then the next time they access this page it should automatically skip to your second image and show the available options for that user.

    Another detail that may help make this login experience smoother is adding in a CNAME to your configuration which will automatically send your users to a company specific URL when they enter their email. See step 4 in this article, and the section labelled "Direct People to Sign in at a Friendly CNAME URL".

    Cheers,

    Genevieve

    Need more help? 👀 | Help and Learning Center

    こんにちは (Konnichiwa), Hallo, Hola, Bonjour, Olá, Ciao! 👋 | Global Discussions

  • Jason Duryea
    Jason Duryea ✭✭✭✭✭✭

    @Genevieve P. Thank you! We're setting up the CNAME right now and I didn't realize about the cookies. Once I cleared the app.smartsheet.com cookie from my browser, I was able to get it to remember this when I tried to login again. With some instruction, the user experience with SAML (Okta) will be much better going forward.

  • No problem! I'm glad this will be better for you going forward. 🙂

    Need more help? 👀 | Help and Learning Center

    こんにちは (Konnichiwa), Hallo, Hola, Bonjour, Olá, Ciao! 👋 | Global Discussions