User experience when using SAML 2.0 with Okta

Jason Duryea ✭✭✭✭✭✭

We're testing the use of SAML 2.0 for authenticating to Smartsheet. The default login page doesn't include the "Your Company Account" option. It seems users have to somehow know to type in their email address (without a password) and click Log In, at which time Smartsheet recognizes which authentication methods are available for your domain. Then the user needs to click again to log in. This just doesn't make for a smooth or user-friendly single-sign-on experience.

Does anyone have any experience implementing SAML 2.0 and have any tips on how to make the user experience better?

Fig 1 - Normal Log In page (notice missing "Your Company Account")

Fig 2 - Login page after entering email address and clicking Log In button


Best Answer

  • Genevieve P. Employee Admin
    Answer ✓

    Hi @Jason Duryea

    What you're seeing/describing is the user experience for the very first time logging in - you are correct that the email needs to be entered in order for the login to recognize what options are available for that account. (See: Available Sign In Options)

    However, once the browser has stored cookie data after this initial login, then the next time they access this page it should automatically skip to your second image and show the available options for that user.

    Another detail that may help make this login experience smoother is adding in a CNAME to your configuration which will automatically send your users to a company-specific URL when they enter their email. See step 4 in this article, and the section labelled "Direct People to Sign in at a Friendly CNAME URL".

    Cheers,

    Genevieve

Answers

  • Jason Duryea ✭✭✭✭✭✭

    @Genevieve P. Thank you! We're setting up the CNAME right now and I didn't realize about the cookies. Once I cleared the app.smartsheet.com cookie from my browser, I was able to get it to remember this when I tried to log in again. With some instruction, the user experience with SAML (Okta) will be much better going forward.

  • Genevieve P. Employee Admin

    No problem! I'm glad this will be better for you going forward. 🙂