This article is meant to be used by new SiteLink Multi-Factor Authentication (MFA) and Single Sign-On (SSO) Admin users. An SSO Admin user account must first be created by the Storable Team before you can begin using MFA for SiteLink. If you’re interested in learning more or getting started, you can learn more in our article: SiteLink Multi-Factor Authentication.
SiteLink Multi-Factor Authentication Onboarding
Once your initial SSO Admin account has been created by a member of the Storable Team, you will complete onboarding and reconcile your SiteLink users to activate MFA.
To get started with onboarding, log into dashboard.storable.io. If you have not already set up your SSO account, you will be prompted to do so first.
Click Onboarding.
Step 1: Configure Security Settings
|
1. Click Configure. |
|
|
2. Password Policy - Set a minimum password length. 3. Password Rotation - These settings dictate how often a user needs to change their password, when to warn them about an upcoming required password change, and how many previous passwords cannot be used when entering a new password. |
|
|
4. Lockout - Set the maximum number of login attempts before a user is locked out and maximum session length before a user is logged out if you would like to. 5. Session - Set the number of minutes before users are logged out of the SSO dashboard. 6. Multi-Factor Challenge - Users will be prompted to re-enter MFA credentials at subsequent login attempts if it has been more than the number of minutes you set in this field since their initial login with MFA. Users can login before the set time without being presented with another MFA challenge.
|
|
|
7. Allow Authentication Methods - All Authentication Methods will be toggled on by default. Toggle off any Authentication Methods that you would not like to allow your users to choose from. SMS and Email will send a code to the user’s phone or email address. Okta Verify and Google Authenticator will require the user to download an app that will generate the code. 8. Click Save when done. |
Step 2: Reconcile Users
After saving your Security Settings, you will be directed back to the Single Sign-On Onboarding page. Next, you will reconcile all user logins at your corporation. In many cases, users have multiple sets of login credentials used to access different locations in SiteLink Web Edition and SiteLink Corporate Control Center. The goal of reconciliation is to ensure that each user has one set of login credentials that will give them access to the correct SiteLink applications and locations. Reconciliation is done by exporting a spreadsheet of all logins and ensuring each unique user has one username associated before re-uploading the spreadsheet.
⚠ Please be aware that depending on the size of your corporation, this step may take multiple hours to complete.
1. Click Export.
2. Select formatting options for the email addresses and usernames that will be used for the SSO with MFA accounts.
Email address
- Always leave blank: The column will not contain any data. You will need to manually enter an email address for each user.
- Always generate from template: Select this option to generate email addresses for your users based on either their username or First.LastName @YourDomain. If you do not have standard company email addresses that match these formats, we recommend selecting another option.
- Use existing. If no existing email, leave blank: This column will contain the user’s existing email address on file with SiteLink unless we don’t have one. If we don’t have an email address for the user, the cell in this column will be blank.
- Use existing. If no existing email, generate from template: The email address column will contain the user’s email currently on file with SiteLink or, if no email address is on file, will use the template you select to generate an email address using either their username or First.LastName @YourDomain. If you do not have standard company email addresses that match these formats, we recommend selecting another option.
Username
SSO user names must be formatted as email addresses but do not need to match the user’s SSO email address and do not need to be real, valid email addresses. If you do not provide your staff with unique, real, company email addresses and they either use their own personal email address or a shared company address, you will need to create unique usernames formatted as an email address i.e. name@yourcompany.com, even if it is not a valid email address in your system. You can use the template options as explained below to make this easier.
- Always leave blank: The column will not contain any data. You will need to manually enter a username for each user.
- Always generate from template: Select this option to generate usernames for your users based on either their current SiteLink username or First.LastName @YourDomain.
- Match email above. If no email, leave blank: This column will contain the email option you selected in the email address section above (email on file or from template). If that option does not generate a value, the cell in this column will be blank.
- Match email above. If no email, generate from template: The Username column will contain the email option you chose in the email address section above. If that option does not generate a value, it will use the template you select below to generate a username using either their current SiteLink username or First.LastName @YourDomain.
3. After you make your selections, click Export to download a file to your computer.
Which users are included in the User Export?
The User Export is a list of all users from SiteLink Web Edition (SLWE) and Corporate Control Center (CCC) that are not API-only users. Your API-rights-only users (i.e. 3rd-party integrations) will not appear on the export, will not get SSO accounts, and their integrations will not be changed by the user reconciliation process.
Note: Disabled Corporate Control Center users may appear on the export. If you do not want SSO accounts created for those users, you may either delete them from SiteLink CCC or simply remove the row from the user export.
User export reconciliation instructions
For each row (user) on the spreadsheet, review columns B,C,D,F, and G and make any updates as needed to ensure each user’s information is correct and complete. The data included in columns F and G (email address and username) will depend on your selections prior to downloading the spreadsheet. You can update your selections from the onboarding dashboard and redownload the spreadsheet if you want to change the formatting.
⚠ It is critical that you read the instructions below carefully and thoroughly to be sure the spreadsheet is formatted correctly and user accounts are created as you intend.
Column descriptions and instructions
Only columns B,C,D,F, and G should be edited. Data in other columns can be used for reference. Columns H and I will contain information about any errors our system has detected that should be resolved for the user.
For each user:
- Ensure they have only one username in column B so that any duplicates are combined.
- Ensure their first and last name are correct in columns C and D.
- Check, add, or correct the email address that will be used for their SSO with MFA account in column F.
- Check, add, or correct the username that will be used with their SSO with MFA account in column G.
- SSO accounts will only be created for users who are included in the spreadsheet. If you would like to remove access for a user, delete their row from the spreadsheet.
|
Column |
Instructions |
|
A |
Your Corporate Code. This will be used during the spreadsheet import. Please do not edit this column. |
| B | Current SiteLink username that was matched by our system. Do not change this information unless the user has multiple rows with different usernames. If they have multiple usernames in column B, update the username for either SLWE or CCC so all duplicate users have a single username in column B. All cells in this column must contain values. |
|
C |
The first name of each user. Update this information if needed. All cells in this column must contain values. |
|
D |
The last name of each user. Update this information if needed. All cells in this column must contain values. |
|
E |
The existing email address in SiteLink for that user. Please do not edit this column. |
|
F |
The email address that will be associated with the SSO account. This is where Multi-Factor Authentication codes will be sent if the user selects email as their MFA option and should therefore be a real, valid email. This address can be either a personal address, unique company address, or shared company address. These cells may be blank or prefilled depending on your export selections. The email address from column E can be copied and pasted into column F or you can enter a different email address. All cells in this column must contain values. |
|
G |
A unique username that will be associated with the SSO account. These cells may be blank or prefilled depending on your export selections. The username must be formatted as an email address. It can but does not have to match the email address in column F. If you do not provide your staff or non-employee users with unique, real, company email addresses and they either use their own personal email address or a shared company address, create unique usernames formatted as an email address i.e. name@yourcompany.com, even if it is not a valid email address in your system. The username should be derived from your company or brand name. ⚠ This should not be the employee’s personal email address as it will be permanently associated with your company’s SSO system. Example: Email address in column F: billy.bob@gmail.com (personal email) or store105@abcstorage.com (shared email) because the user does not have a unique company email address. Username in column G: Could be billybob@abcstorage.com or similar, even though it is not a real email address. All cells in this column must contain values. |
|
H & I |
When initially exported, column H will say True if the row has an issue that will prevent the spreadsheet from being imported. Column I will show the types of issues that the row has. It is important to resolve all warnings shown in column I by updating data in columns B, C, D, F, or G. Note: Depending on how your user list was exported, there may be expected warnings for all users. For example, if Column G was originally blank, then all rows would show a Duplicate login name warning. This is expected and would be resolved by providing unique login names for all unique users. Please do not edit this column. |
|
J |
This column indicates whether the user has Corporate Control Center access. For CCC users who also have SiteLink Web Edition logins, you should expect to see 2 rows in the export: 1 for the CCC user and 1 for the SLWE user. Make sure both rows show matching values for the other required columns and update them in SLWE or CCC if necessary so that the records will be combined into a single SSO user during the import. Please do not edit this column. |
|
K |
Indicates whether a SLWE user has access to all current sites in your corp. Please do not edit this column. |
|
L |
Number of sites the user has access to. Please do not edit this column. |
|
M |
List of sites the user has access to. Please do not edit this column. |
|
N & O |
This is internal information. Please disregard and do not edit these columns. |
⚠ Important before moving on to step 3:
- Cells in columns B, C, D, F, and G cannot be empty in order to create SSO accounts. These columns must contain the user’s current username, the desired first name, last name, email address, and username that you want to be used in the SSO system.
- The spreadsheet should not be altered in any way other than as indicated for columns B, C, D, F, and G. All other columns should be used for reference only and not edited. No additional tabs should be added to the spreadsheet.
- Make sure to resolve any issues indicated in columns H & I.
Step 3: Activate SSO
When you are done making updates to your spreadsheet, log back into dashboard.storable.io.
|
1. Click Preview and Activate from the Onboarding page. |
|
|
2. Click Upload Export and select the file from your computer to import. It may take a few minutes for the import to complete. |
|
|
3. You will be able to preview the import to be sure there aren’t any errors. If our system identifies any issues, you will see the message: “Some of your users have errors. Please fix as needed and reupload a corrected user export”. The errors tab will show what needs to be corrected. Correct errors on the spreadsheet and reupload it as shown above. |
|
|
4. Please review the uploaded results to ensure they are correct before moving on to the next step. Once the import contains 0 errors and you are ready to activate MFA for your Corporation, click Commit Import. |
|
|
5. ⚠ We recommend completing the next step outside of business hours to ensure your employee’s work is not interrupted.
Once you are ready, check the box labeled “I understand and am ready to activate Storable SSO/MFA”. Click Enable SSO to activate Multi-Factor Authentication for your account. |
|
|
6. You will see a confirmation screen that onboarding is complete. Each of your users will need to set up MFA for their login using our instructions: Setting up SiteLink Multi-Factor Authentication. |
Once Onboarding is complete and you have activated MFA, the link that previously said Onboarding will be changed to Settings and your SiteLink apps will be populated on your SSO dashboard. If you need to make any changes to your Security Settings or add, remove, or change users, you can click that link from the dashboard to update them at any time.
