The Goal: Understand how GrowthZone secures back-office staff logins through multifactor authentication (MFA) and, optionally, single sign-on (SSO via SAML), so you can choose the right approach for your association.
Before You Begin:
- MFA support is included in all GrowthZone subscriptions — no add-on is required.
- SSO via SAML requires an external identity provider (such as Azure AD) already configured for your organization.
- Decide whether you need MFA for staff back-office logins only, or a separate member login (Info Hub) authentication method as well.
Step-by-Step: Your Authentication Options
- GrowthZone offers support for multifactor authentication (MFA) for staff that login to the back office. MFA support is included in all GrowthZone subscriptions. For more information on MFA, please view our MFA Workflow article for more information.
-
Alternatively, we also offer the ability for association staff to utilize SSO (via SAML) for back office GrowthZone access. This allows associations that are configured with a provider, such as Azure AD, to have access to MFA through this third party. In this setup, GrowthZone acts as the SSO Consumer and Azure AD is the Provider. Please be aware at this time this feature does not include member (Info Hub) logins.
- You can use SAML + Azure AD for staff back office access AND use a separate SSO option (such as Higher Logic or Clareity) for your member logins to the Info Hub. Both of these authentication methods can be utilized in the same database.
- See GrowthZone Single Sign On for additional information. If this alternative MFA setup is something your organization is interested in, please contact the Support Team.
Common Pitfalls
-
Clone environment access:
With back-office SSO enabled, association staff members will not be able to access our clone environment.
- Over-engineering your setup: Most customers will use the MFA support provided by GrowthZone. Only pursue the SAML + Azure AD SSO route if your organization specifically requires it.