Managing your account
      Back to home
      1. Vestd Help Centre
      2. Managing your account

      Using Single Sign-on at Vestd

      Single Sign-on (SSO) allows your employees to access the Vestd platform using their existing company credentials.

      SSO eliminates the need for your staff to manage a separate password for Vestd and allows you to enforce your own authentication policies.

       

      SSO is not the same as social sign-on or logging in with providers such as Google or Apple.

      Compatibility

      This service has been tested with Google Workspace, Microsoft Entra ID (Azure AD), JumpCloud, and Okta but should work with any SAML2 complaint provider.

      Logging into Vestd

      The login screen has a link to the Single Sign-on page, entering a work email address on the SSO page will redirect the user to the preconfigured Identity Provider (IdP).

      For a user who has previously been logged in via SSO a shortcut link will be provided on the login screen allowing for a one-click login.

      How SSO works at Vestd

      • If a user logs in via SSO and there is an existing verified account associated with that email address they will be associated allowing users to easily transition from a password login to SSO login.
      • Existing 2-step (MFA) credentials configured for a password login will not be used when logging in via SSO. The responsibility for setting security requirements sits with the IdP.
      • If turned on, accounts will be automatically created if they don't already exist when logging in via SSO.
      • If turned on users can be blocked from logging in using a password if they have previously used SSO.
      • Specific email addresses can be excluded from this restriction if necessary, although this should only be used as a backup or for testing.
      • When logged in via SSO, users are currently able to change the name associated with the account as well as the email address. Once an email change is confirmed the account will be disassociated from the IdP.
      • If a user leaves the organisation they will lose access to options or shareholdings they may have been invited to, the user should be advised to change their email address before departure or their personal email address should be invited to manage records.

      Getting started

      If you are interested in setting up SSO for your organisation please reach out to our customer success team and we can discuss the setup process.