Directory Sync & SSO

How to set up directory sync with Tigerhall?

To set up Directory Sync, contact Tigerhall’s Customer Success representative to help with the Directory Sync setup link. With the link we provide, your IT team can then configure their directory to sync with ours.

How does directory sync work with licenses management?

There is no association between license management and directory sync; it will continuously populate our system. Licenses management is only used to track how many users an org should have at most and when their access expires.

What is the difference between directory sync and SSO?

Single Sign-On (SSO):

• What it is: SSO is an authentication method that allows users to log in once with a single set of credentials (username and password) and gain access to multiple independent applications or services without needing to re-authenticate for each one.

• How it works: SSO relies on a "trust relationship" between a service provider (the application the user wants to access) and an identity provider (IdP), which authenticates the user. When a user logs in, the IdP verifies their identity and issues an authentication token. This token is then used to grant the user access to other connected applications without requiring them to enter their credentials again. Common protocols for SSO include SAML (Security Assertion Markup Language) and OpenID Connect (OIDC).

• Purpose: The primary purpose of SSO is to improve the user experience by reducing "password fatigue" and simplifying the login process. It also enhances security by reducing the number of passwords users need to remember (and potentially reuse or write down), and allows for centralized control over authentication.

Directory Synchronization:

• What it is: Directory Synchronization is the process of automatically synchronizing user, group, and other related identity information between an organization's central directory service (like Active Directory, Azure AD, or Okta) and various dependent applications or services.

• How it works: Directory sync tools monitor the "source of truth" directory for changes (e.g., new users, updated profiles, group memberships, deactivations). When changes occur, these tools automatically push that information to the connected applications, ensuring that user data is consistent and up-to-date across all systems. This often utilizes protocols like SCIM (System for Cross-domain Identity Management).

• Purpose: The main purpose of directory sync is to automate user provisioning and de-provisioning, streamline user management, and ensure consistent access control. It reduces administrative overhead by eliminating the need for manual user creation and updates in each application, thereby improving efficiency and security by ensuring that access is granted and revoked appropriately.

Will manually added users be able to use SSO?

Yes, assuming they exist in the remote authorization system. If they don’t, then manually adding users won’t work.

Will manually added users be affected by Directory Sync?

No, they will not be affected. If a user with that email is added to their directory in the future, it will be connected to our user account based on the email address.

Do manually added users get automatically removed with directory sync?

No, you must manually archive or delete them yourself.

How does Tigerhall know when to use SSO vs email & password?

The system contains a list of domains associated with organizations. If an email matches one of those domains, it will trigger that company's SSO connection to be used.