The time for remembering long and difficult passwords is over. Thanks to single sign-on, server administrators and server owners can now rely on a third-party system to handle user authorization while still keeping data and user info safe. Single sign-on also benefits users—they can log into different services from one account. Of course, when using SSO, adding security measures to their master account is key to ensuring that their data is protected.
Single sign-on has been available in memoQ beginning with version 9.5. If you’re not already familiar with it, however, here’s what you missed. If you have a memoQ server and already use OIDC-based login, our new SSO feature is for you.
Enhanced security & faster sign-on
When OIDC-based authentication is set up on a memoQ server, you can let a user log in just by providing them with a unique URL, which lets them log in by themselves, without even being a native memoQ user. In this case, a new, disabled user is created who is not a member of any group. This has sometimes made it difficult for user managers to keep track of who has already been approved or who the new users are.
We are introducing new SSO tweaks to memoQWeb in our 9.9 release to help server admins with identifying and managing these new users.
New OIDC provider: OneLogin
A new OIDC provider, OneLogin, is now supported in memoQ. If you have been using it at your organization for authentication, now you can also select and configure OneLogin from the list of OIDC providers, and use your OneLogin account to access your memoQ server as well.
Email notification of new users & a new approval process
When a new user logs in with SSO, that user is automatically given a pending status. For an added layer of security, you have to activate these new users before they can start working with memoQ. And to make it faster and easier for you to approve those users, we added email notifications to the feature. Once a user signs in using an OIDC-based account, the server admin gets an automated email about the user and can then either activate or reject them.
Rejected users cannot create a new memoQ user with the same SSO account. However, if you rejected the user by mistake, you can always go back to the user management dashboard and change it. With these new functionalities, you can easily keep track of your users from the moment they first request a login.
User statuses in a nutshell:
- Active: the user has been approved by the server admin and has access to projects on the server.
- Disabled: login is disabled, but the user account and group membership are kept.
- Pending: the user signed on via SSO and it’s up to the server administrator to either approve or reject them.
- Deleted: The user has been deleted and loses all permissions.
- Rejected: The user had been rejected and cannot create a new user with the same account again.
The improvements don’t stop there: Resources API can now also be used with an OIDC user.
Changes to user management
User feedback to learn what our customers want and need has never been more prominent than in developing the new SSO feature, as well as in making even more improvements to memoQWeb’s UI.
The user dashboard now features all users (including those using OIDC). From now on, you can also export a list of users as a .csv file—either just selected users or all at once. Filtering options have also been improved: you can now filter users based on user type, in addition to the already existing filters.
memoQ 9.9 is all about what our users truly need. We hope server administrators will enjoy the new SSO functionality as well as enhanced security (and thus, peace of mind). Download the new version today!
