The Goal: Understand how Single Sign On (SSO) works for the Info Hub, what GrowthZone configures for you, and the key decisions you need to make before it is enabled.
Before You Begin:
- GrowthZone performs the initial SSO setup — reach out to GrowthZone to start the process.
- Know whether your association is the Identity Provider or whether an outside system (e.g., IIA, Clareity) will manage member credentials.
- Understand which field GrowthZone uses to match a member’s access (IIA uses the member’s National ID; for Clareity SSO the matching field varies).
How Single Sign On Works
Single Sign On (SSO) is the process of utilizing a single set of login credentials across multiple systems. SSO is key to reducing the friction that users experience when navigating connected systems as well as improving a user’s online security. GrowthZone will perform the initial setup.
When using Single Sign On:
- If you are the Identity Provider, you will manage user login names and passwords as described above.
- If you are not the Identity Provider:
- The outside system will manage the user name and password. Confirm with the outside system the method used to provide your member with credentials. You will NOT use the GrowthZone functions to send create log-in instructions, reset password, etc.
- You will manage the members access level to the Info Hub. The default access level or the access levels defined for each membership type, configured at the Login Settings page under Settings, Staff & User Access section, will initially be assigned to new members. See Setup User Info Hub Login Settings more information on this You can change the access level provided to a member as described in Change an Individual’s Access Level.
- For troubleshooting purposes, it will be important to understand which field GrowthZone is using to match the member’s access. IIA uses the member’s National ID. For Clareity SSO the field used for matching will vary, so be certain to understand which matching field is used. This field is configured in GrowthZone upon initial setup. One step in troubleshooting, if a member is having difficulty in signing in, would be to verify that the member has the appropriate matching field.
Decisions to Make Before Setup
GrowthZone will assist you in setting up Single Sign On, however, you will want to make the following decisions:
- Force Members to use Single Sign On? If you choose to enable this option, and you are not the Identity Provided, members must login using their credentials from the Identity Provider. If this option is not enabled, then members have dual options. They will either login using the Identity Provided credentials, or GrowthZone username and password. In this scenario, staff are allowed to create a GrowthZone credentials normally as if SSO was not enabled and users should be able to successfully login.
- Unknown Contact Message (displayed when a Contact could not be found) You can customize the message displayed when a contact is not found.
- The Label (Optional) field allows you to customize the link to be used for the Identity Provided access.
Common Pitfalls
- Sending GrowthZone credentials when you are not the Identity Provider: If an outside system manages credentials, do NOT use GrowthZone functions to send log-in instructions or reset passwords — this conflicts with the Identity Provider and causes sign-in failures.
- Wrong matching field: If a member cannot sign in, verify they have the correct matching field (National ID for IIA; varies for Clareity) populated, since GrowthZone matches access on that field.