We are excited to announce the launch of our Early Access Program for Enhanced Authentication, which includes improvements to Single Sign-On (SSO). The SSO feature includes a fully rebuilt login experience, providing a smoother and more secure experience to meet your firm's security requirements. New to this release is also the ability for admins to restrict password-based login in favor of SSO-only authentication.
Contents:
- Before You Begin
- Supported SSO Providers
- Enabling Early Access SSO
- SSO Login
- Active Features Toggle
- FAQ’s
Before You Begin
-
Enable at least one provider that supports SSO for your firm.
For the Early Access Program, SSO will be activated firm-wide with admin authorization. -
Ensure all firm-specific configurations are set up and tested with third-party SSO integrations.
Below are some resources to help you decide which option is best for you and what to test during setup.
Google - Setting up SSO for your Organization
Microsoft - Configuration of SSO
Supported SSO Providers
We have migrated to a new authentication service and now support the following SSO providers:
New SSO Login Experience: Supported SSO Providers
- Google SSO (Default)
- Microsoft (Azure AD)
- Okta
- Custom
Enabling Early Access SSO
1. Sign up for the Early Access Program. After an admin request, a BigTime representative will review your request and be in touch about firm wide activation.
2. Ensure that you have enabled an SSO provider for your firm. To participate in the Early Access program, an existing SAML-based SSO configuration is a requirement.
3. A BigTime representative will enable enhanced authentication firm-wide.
4. Once activated, you can log into BigTime using your SSO provider. Upon entering your email address, BigTime will identify the SSO provider(s) enabled on your firm and display them. Note, Google SSO is enabled by default.
SSO Login
Here’s what to expect when you log in with SSO for the first time.
1. Navigate to the BigTime login page and enter your registered BigTime email address. Click NEXT STEP to proceed |
|
|
2. Select your preferred SSO login provider. After your email address is validated, your firm's authorized SSO providers will be displayed as login options. NOTE: Google SSO is enabled by default. |
|
3. Complete authorization steps from your preferred SSO provider. If you are only assigned to one firm, you will be automatically redirected to the BigTime landing page after successful authentication. If you have more than one firm, proceed to step 4. |
|
4. If you have multiple firms, you will be redirected to the firm selection page in BigTime after successful SSO authentication. Select the firm you want to log into and click LOG IN to complete the login process. You will be directed to the BigTime homepage. |
Active Features Toggle
After your firm has been enabled in the SSO Early Access Program, you will see a new toggle appear in MY COMPANY…ACTIVE FEATURES. The ENABLE SINGLE SIGN-ON ONLY toggle will enforce SSO as the only login option and staff will no longer be able to log in with traditional email and password. Please note that the expected functionality of this toggle depends on an existing SSO provider being configured for your firm to prevent accidental lockouts.
FAQ
What is Single Sign-On (SSO)?
Single sign-on (SSO) is an authentication method that enables customers to securely authenticate using a single set of credentials with multiple applications and websites.
What are the security benefits of using SSO?
SSO simplifies user login across multiple platforms, reducing password fatigue and phishing risks. This helps protect against unauthorized access and common cyber attacks.
How do I add new users to SSO?
Once SSO is enabled for your firm, your staff will automatically see your preferred provider displayed on the login page. All user assignments are managed through your preferred SSO provider(s).
Will all of my staffers see this new login experience once it is enabled?
Yes. Once an admin enrolls, all staffers will follow the new login flow and can use SSO moving forward. In cases where the ‘SSO-only’ configuration has been enabled, staffers will only see an option to use SSO for login.
How can I configure our SSO settings?
Your preferred SSO service provider will manage all user-specific configuration settings.
How can I disable traditional password entry and Google SSO from my preferred login options?
In cases where firms would like to enforce SSO only, you can toggle the “Enable Single Sign-On Only” option to ON in ACTIVE FEATURES.
Please note that the expected functionality of this toggle depends on an existing SSO provider being configured for your firm to prevent accidental lockouts.
Removing Google SSO requires assistance from a BigTime representative.
What if I run into problems with SSO?
If you encounter any issues with the SSO service after your firm has been enrolled, please contact a BigTime representative for assistance. We are committed to improving your login experience and will be rolling out this enhanced authentication service as a standard feature across BigTime later this year. Ensuring a smooth and secure login process is a top priority.
What are future plans for OpenID Connect (OIDC)?
In a future release, admins can configure OIDC-based integrations with AzureAD, Okta, etc. As the service evolves, we'll phase out support for SAML2 in favor of OIDC integrations.
How can I give feedback?
There are a few ways that you can give feedback to us:
- Contact your CSM and provide any feedback.
- Participate in follow-up research studies as we wrap up the early access program. We will be sending follow-up surveys to gauge overall satisfaction with the experience, and your feedback will help us improve the experience.
- Fill out our Feedback Form. If you have an active session in BigTime, you can submit direct feedback through our feedback form.
Related Article: A New Login Experience