User experience when using SAML 2.0 with Okta

10/14/21
Accepted

We're testing the use of SAML 2.0 for authenticating to Smartsheet. The default login page doesn't include the "Your Company Account" option. It seems users have to somehow know to type in their email address (without a password) and click Log In, at which time Smartsheet recognizes which authentication methods are available for your domain. Then the user needs to click again to login. This just doesn't make for a smooth or user-friendly single-sign-on experience.

Does anyone have any experience implementing SAML 2.0 and have any tips on how to make the user experience better?

Fig 1 - Normal Log In page (notice missing "Your Company Account")

Fig 2 - Login page after entering email address and clicking Log In button


Best Answer

  • Genevieve P.Genevieve P. admin
    Accepted Answer

    Hi @Jason Duryea

    What you're seeing/describing is the user experience for the very first time logging in - you are correct that the email needs to be entered in order for the login to recognize what options are available for that account. (See: Available Sign In Options)

    However, once the browser has stored cookie data after this initial login, then the next time they access this page it should automatically skip to your second image and show the available options for that user.

    Another detail that may help make this login experience smoother is adding in a CNAME to your configuration which will automatically send your users to a company specific URL when they enter their email. See step 4 in this article, and the section labelled "Direct People to Sign in at a Friendly CNAME URL".

    Cheers,

    Genevieve

Answers

  • Genevieve P.Genevieve P. admin
    Accepted Answer

    Hi @Jason Duryea

    What you're seeing/describing is the user experience for the very first time logging in - you are correct that the email needs to be entered in order for the login to recognize what options are available for that account. (See: Available Sign In Options)

    However, once the browser has stored cookie data after this initial login, then the next time they access this page it should automatically skip to your second image and show the available options for that user.

    Another detail that may help make this login experience smoother is adding in a CNAME to your configuration which will automatically send your users to a company specific URL when they enter their email. See step 4 in this article, and the section labelled "Direct People to Sign in at a Friendly CNAME URL".

    Cheers,

    Genevieve

  • Jason DuryeaJason Duryea ✭✭✭✭✭

    @Genevieve P. Thank you! We're setting up the CNAME right now and I didn't realize about the cookies. Once I cleared the app.smartsheet.com cookie from my browser, I was able to get it to remember this when I tried to login again. With some instruction, the user experience with SAML (Okta) will be much better going forward.

  • No problem! I'm glad this will be better for you going forward. 🙂

Sign In or Register to comment.