What can we help you with?

Google Single Sign-On

 

Google Single Sign-On is a secure authentication system that reduces the burden of login for your users, by enabling them to sign in with their Google account. No need to remember your password anymore!

To enable it follow these steps:

First, click on your profile picture at the top right corner, and select "Administration." Group 30 (2).png

 

Once you are on the admin section, select "Security". Expand the "Authentication policies" section and select "Add SSO policy." Here, you can choose a name for your policy, which will be displayed on the login page. Next, select "Google" from the list of SSO providers and click "Add SSO provider".

Copy of WF- Preview form (8).gif

Note: Once you enable Google SSO, you will be navigated to log in with your Google account. The email domain used on that initial login would be the Google domain for SSO.

  

Admins have better flexibility in managing login policies with the ability to customize the email and password policy. This setting makes it easy to exclude specific users from the SSO requirement, offering a flexible solution to adapt login preferences to your team’s unique needs.

When clicking on the three dots next to the "Email and password" section and choosing "Edit", the admin can select the policy members, meaning they can define who the email and password policy applies to—everyone or only some people (e.g., guests, a single user).

Group 12 (29).png

 

Before activating SSO, the email and password policy cannot be modified. By default, after SSO is activated, the email and password policy changes from "Everyone" to "Guests."

Group 12 (30).png

 

There are two options in the email and password policy section:

Option 1: All users (including guests) can log in to monday.com using the email and password policy.

Option 2: Only some people (guests, single user, or both) can use the email and password policy to log in to monday.com.

Choosing "Guests" under "Only some people" would mean that guests can log in using the email and password policy (not only SSO). This is the most commonly used policy option since oftentimes guests are external users not managed by an organization's internal IT.

Choosing "A single user" under "Only some people" would mean that only one chosen team member can log in using the email and password option (not only SSO).

Note: This break-glass access would be used if, for example, there is an issue with your SSO provider and you need access to the platform to perform settings changes.

 

Copy of WF- Preview form (37).gif

If applicable to your company’s security policy, we recommend using the "Guests" or "Guests and a single user" options under "Only some people" policy members. This means every user on the account, aside from guests and the designated single user, is required to log in using SSO. Guests can be invited to shareable boards and log in using an email and password as normal. In this case, guest emails do not need to be active in the account's IDP to log in. The single-user option provides additional flexibility, allowing one team member to log in using email and password for emergency access if needed.

 

Feel free to check out how to enable two factor authentication and the SAML on your account.

Note: It is currently not possible to connect multiple identity providers to one monday.com account. However, multiple monday.com accounts can be connected to one identity provider.

 

 

 

If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.