Your program is likely published in the App Store and Google Play where anyone can download the apps, and the web experience is a public URL. The public access makes it easy to reach your program's landing page, where the users either sign in or click Join Now. Therefore, controlling who can complete registration via Join Now requires configuring your program. There are two basic configuration options - email registration or SSO.
If you opt for SSO (Single Sign-On), management of who can create a new member account is entirely in the hands of you and your IT team - the SSO configuration will affect who is able to join the program.
Both email registration and SSO can also have biometric access to the mobile app for reopening the mobile app. Note, biometric access does not replace the sign in process, biometric access is in addition to the user sign in.
With both email registration and SSO, user sessions are treated the same way. Web experience user sessions automatically expire after 30 days and the web users will have to sign in again. Mobile app sessions do not automatically expire. This helps drive user retention and keeps engagement high.
If you have members that should no longer have access to the program, blocking their profile will end their sessions immediately and prevent them from accessing the program again. You can block a member manually at any time via the Users page in Program Studio.
To automate blocking users, please review our deprovisioning API options.
Opening Sign In Options
Click on the gear icon in the top right and choose Configure Program. Select Sign In Options to configure the authentication method for your program.
Enable Email Registration and Confirmation
When your program is configured for email registration, your users create an account with SocialChorus using their email and setting a password. All users the register via email registration will need to confirm their emails via the Email Confirmation link that is sent to them.
There are several options that can be added to email registration:
- Only allow users with a specific email domain to register using Whitelisted Domains
- Verify user identities using User Verification
- Require users to submit a code before being granted access to the full feed, Code Access
Note: To ensure your employees receive the confirmation email from the SocialChorus platform, please work with your IT department to whitelist the SocialChorus email domain and IP address within your company email system. If the confirmation email is caught in a spam filter, your users will not be able to complete registration.
When email registration is enabled, the registration flow is:
- Enter email address on the Join Now screen
- Create password
- See ‘email sent’ screen
- Click confirmation link in email
- User is signed into the program and presented with any additional registration options
Example of what the confirmation email looks like for users:
Subject Line: Please confirm your email
Thank you for your interest in joining [Program Name]. Please click here to complete your registration.
With email registration, you can restrict who is able to register by whitelisting specific email domains. If no domains are listed, users with any email domain are allowed to register. If specific domains are listed, users that do not have a whitelisted domain will not be able to register for your program. If a user tries to register and they do not pass the whitelisted domain check, they will see a whitelist error message: "Email is not accepted for this program".
Note, if a user is already in the program such as by being uploaded or added, then they automatically pass the domain whitelist check during registration. This means that Created, Invited, and Registering users will be able to register no matter what domains are whitelisted.
You can add to your list of whitelisted domains or remove whitelisted domains at any time.
To add a new email domain, type in an email domain (do not use the @ symbol) and click Add. Add only one email domain at a time. For example:
To remove an email domain, click the x next to the email domain. Note, removing a whitelisted domain will only affect new users. Users that have already registered will be unaffected. If necessary, you can block the users from the Users page.
After making changes to the configuration, click the Save button.
User verification is an additional option that works with email registration to confirm users by personal details such as name, date of birth, employee ID, etc. Employees will still be required to register using an email and password combination so that they are able to sign in again in the future without re-confirming their details.
Benefits of leveraging user verification:
- User verification allows all employees access your SocialChorus program.
- User verification allows your company to include hourly employees, contractors, and any employee group without access to company emails or SSO.
- It allows employee groups without access to your Intranet or other tools to still be included in your program.
- With the correct configuration, we can also generate groups based on your employee data.
- The user data file can be used to deprovision users automatically.
User verification cannot be configured or managed in Program Studio and will require transferring the employee data using File via SFTP. Want to learn more about this option? Contact your Engagement Manager for information!
Enable SSO via SAML
Single Sign-On (SSO) is an authentication option that can be configured for a program either before or after launch. SSO allows a user to sign in with a single ID and password to gain access to multiple systems without having to sign in again or use different usernames or passwords.
SSO makes it easy to scale and manage your SocialChorus program:
- Using SSO allows your company to leverage your existing identity management infrastructure and provision users to your SocialChorus web and mobile apps
- Using SSO eliminates the need for IT to evaluate and maintain access to another system
- Depending on the configuration, SSO can pass user data to SocialChorus to enable auto-generation of groups
Additionally, using SSO improves an employee's registration and sign in experience as employees do not have to create and remember a new user name or password.
Employees that register via SSO will still be presented with the welcome video and questions.
To get started with an SSO integration, please fill out the attached documentation sheet and questionnaire and contact your Engagement Manager with the documents.
If you leverage SSO, discuss automated Deprovisioning with your SocialChorus contact. Deprovisioning will be a necessary addition to managing user access via the SSO IdP as deprovisioning will terminate active sign in sessions for separated employees.
It is possible to have both Email Registration and SSO enabled simultaneously for your program. With dual authentication, all configuration options still apply (such as domain whitelisting or user verification) - the only change is that users see an option to choose to sign in either via email or SSO.
Note, with dual authentication enabled, it is possible for SSO users to create duplicate accounts (both an SSO account and email account), so Dual Authentication is not always the best option for all programs.
If you are interested in dual authentication, please reach out to our Engagement Manager for more details.