Predictive Insights - SSO, Security, and User Management

User and Security Management

It’s possible to access security and user management screens via the top menu. This option is only visible to users assigned to an ‘Administrator’ role.

Screen Shot 2020-07-21 at 2.04.11 PM.png

 

 

 

 

 

 

 

 

 

User Management & Roles

‘Administrator’ users are able to manage and create new users in the system. Roles are pre-defined and cannot be customized at this point. Every user can have a single role.

Roles

The following roles are available in the platform:

Role Name

Permissions / Operations Allowed

View Only
  • Login
  • View Markets
  • View Demand Center Segments

Content Management

  • Login
  • View Markets
  • View Demand Center Segments
  • View Sales Coach Content
  • Modify Sales Coach Content / Settings

Demand Generation

  • Login

  • View Markets

  • View Demand Center Segments

  • Increment List

  • Upload List

  • Export List

  • Create NN Accounts Lists and Segmentation

  • Create NN Leads Lists and Segmentation

  • Create Demand Center NN and Segmented Lists

Demand & Content

  • Login
  • View Markets

  • View Demand Center Segments

  • Increment List

  • Upload List

  • Export List

  • Create NN Accounts Lists and Segmentation

  • Create NN Leads Lists and Segmentation

  • Create Demand Center NN and Segmented Lists

  • View Sales Coach Content

  • Modify Sales Coach Content / Settings

Market Builders

  • Login
  • View Markets
  • View Demand Center Segments
  • Create Market
  • Increment List
  • Upload List
  • Export List
  • Create NN Accounts Lists and Segmentation
  • Create NN Leads Lists and Segmentation
  • Create Demand Center NN and Segmented Lists 
  • Change Market Definitions (i.e. A/B/C/D ranks, pipeline or exportable MIs)
  • View Sales Coach Content

Marketing Ops

  • Login
  • View Markets
  • View Demand Center Segments
  • Create Market
  • Increment List
  • Upload List
  • Export List
  • Create NN Accounts Lists and Segmentation
  • Create NN Leads Lists and Segmentation
  • Create Demand Center NN and Segmented List
  • Change Market Definitions (i.e. A/B/C/D ranks, pipeline or exportable MIs)
  • Change Integration Settings (Eloqua, Marketo, SFDC, Integrate, ML)
  • Change NN Leads Settings (ZoomInfo settings)
  • Change Demand Center settings
  • Change General settings
  • Suppression File Management
  • View Sales Coach Content
  • Modify Sales Coach Content / Settings
  • View All Tasks

Administrators

  • Full access to customer 'organization' including User Management

User Management

The platform allows ‘Administrator’ user to add new users and manage existing users. All users in the system are visible in the single list. It is possible to filter the list by role or use a search box to search names or emails.

 

Screen Shot 2020-07-30 at 1.25.09 PM.png

When a user is created, a name and an email address must be provided (email is also used as User Name). A user should be assigned to a Role.
Upon creation, the user will receive a signup email that would allow him or her to set password. The email also includes important login information.

Users are always ‘activated’ when they are created.

Screen Shot 2020-07-30 at 1.26.44 PM.png

When a user is edited, it is possible to change his or her name and Role. It is not possible to change the email address of the user.
Additional options include:

  • Forcing a user to change the password on next login while maintaining his current credentials active.

  • Reset password option that would invalidate current user credentials and send him an email to ‘reset password’.

Screen Shot 2020-07-30 at 1.28.51 PM.png

Organization Security Settings

Password Security Settings

This feature allows you to set organization-wide security settings such as minimum password length and different character classes required for a secure password.

Furthermore, it is possible to enforce a periodic password change. Setting this parameter to 0 would disable password change enforcement.

It is also possible to control the enforcement of ‘Password History’ tracking and the number of passwords remembered. Currently, by default, 3 last passwords are remembered by the system. Setting this parameter to 0 would disable ‘Password History’ tracking.

Screen Shot 2020-07-30 at 1.35.02 PM.png

Single Sign-On Settings

You can also configure optional SSO integration with OKTA (Okta Simplified) or SAML. If you configure SSO integration you will not need to manually create users in Mintigo and you can rely on your SSO provider for management of passwords and user lifecycle.

OKTA Simplified SSO

To use OKTA Simplified SSO, you first need to perform configuration changes in OKTA and then in Mintigo platform. Please follow the steps below.

How to set up the integration on OKTA side:

  1. Under admin console, go to Applications.

  2. Click “Add Application” -> “Create New App”.

  3. Platform: Single Page App (SPA), Sign on method: OpenID Connect.

  4. Application Name: “Mintigo OP”, login redirect URI:

    https://app.mintigo.com/api/sso-login/. Please notice the trailing slash (/)

    character as it is important. Click “Save”.

  5. In app screen that opened, click “Edit”.

  6. “Login initiated by” – select “Either OKTA or App”.

  7. Check “Display application icon to users”.

  8. Login flow – choose “Send ID Token directly to app (OKTA Simplified).

  9. Scopes choose Email, Groups, Profile.

  10. Note the Client ID, you will need it in the configuration screen in the Predictive Insights platform, as described below.

  11. Click “Assignments” tab. Make sure that the app is assigned to the relevant employees in your organization.

  12. Continue configuration in Mintigo Platform.

Configuration in Mintigo:

The platform will let you auto-register users that login via OKTA and they will receive default user role as configured in this screen.

To configure OKTA Simplified SSO, go to Single Sign-On tab, enable Single Sign-On choose OKTA from provider drop-down. Then define the following settings:

Screen Shot 2020-07-30 at 9.40.43 PM.png

 

Issuer URL is your OKTA URL, for example, yourbiz.okta.com. Client ID is the OKTA application (chiklet)’s Client ID that you have generated above. If you do not have it handy, it appears in application settings in OKTA under Client Credentials section.

Default Role for Auto-Provisioned users is the default role that users that were logged in via OKTA will receive if they were not provisioned before.

Note: please note that chiklet for OKTA has to be manually created by user with relevant permissions in OKTA.

 

Please save to apply the configuration.

SAML Based SSO

The platform will let you auto-register users that login via SAML IdP and they will receive default user role as configured in this screen.

To configure SAML based SSO, go to Single Sign-On tab, enable Single Sign-On choose SAML from provider drop-down. Then, you will be presented with a list of settings relevant for this type of integration.

Screen Shot 2020-07-30 at 9.44.52 PM.png

  • ‘Mintigo Entity ID’ should be copied into ‘Entity ID’ field in your SAML ldP configuration page.

  • ‘Mintigo ACS’ URL should be copied into ‘ACS URL’ in your SAML ldP configuration page.

  • ‘SSO Direct Link’ field should be copied into ‘Start URL’ field in your SAML ldP configuration page.

The following parameters need to be provided:

  • ‘Entity ID’ URL from your SAML configuration page should be copied into ‘ldP

    Entity ID’ field in the settings page.

  • Please upload Certificate and IdP Metadata XML

  • Default Role for Auto-Provisioned users is the default role that users that

    were logged in via SAML will receive if they were not provisioned before.

Important: When defining your SSO application on the IdP, you must make sure that the following claims are passed:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/user_mail

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

User_email is mandatory since this is our way to identify the user in the system, the rest of the claims can be any field you want, as long as they are being passed.

0 Kudos
Contributors
Latest Articles
Modeling Data Requirements
Predictive Insights
4 weeks ago
09-08-2020
08-04-2020
Labels (1)