Skip to main content

Single Sign-On (SSO) — Setup & Administration

Setting Up Single Sign-On (SSO)

Single Sign-On (SSO) lets your users log in to Safe Food Pro through your company's identity provider (IdP) — such as Microsoft or Okta — instead of a separate email and password.

Note: SSO is configured at the organisation level. Group-level SSO is not currently supported. All initial SSO setup is handled by the Safe Food Pro team — you cannot configure it directly in the Admin Console.

Supported Identity Providers

Safe Food Pro supports two types of identity provider:

  • Microsoft Entra ID (formerly Azure Active Directory)

  • OIDC (OpenID Connect) — covers Okta, Google Workspace, Auth0, PingOne, JumpCloud, and other OIDC-compliant providers

Before You Begin — What to Gather

The information you need to provide depends on your identity provider.

Microsoft Entra ID

Field

Details

Tenant ID

Also called your Directory ID. Format: eeb88dd5-e2d1-4277-9ebf-da2b83094562

OIDC providers (Okta, Google Workspace, Auth0, etc.)

Field

Details

Client ID

e.g. 0oa10eyz1x17WTWAT698

Issuer URL

e.g. https://integrator-3854253.okta.com

Client Secret

A long alphanumeric string — send this separately, not in a support ticket

Important: Do not send your OIDC Client Secret through public channels like email or SMS. Contact us and we will provide a secure way to share this information. We recommend using onetimesecret.com.

Step 1 — Contact Us to Enable SSO

Reach out to your Customer Success representative with the credentials listed above. Our team will configure the identity provider on your behalf.

What happens next:

  • Microsoft Entra ID: Your Tenant ID is added to your organisation record directly.

  • OIDC: You will provide credentials through an encrypted channel — not via email.

You will be notified once setup is complete and you can move to Step 2.

Step 2 — Enable SSO in the Admin Console

Once the provider has been configured by the Safe Food Pro team, you need to turn SSO on for your organisation.

  1. Log in to the Admin Console as an Organisation Administrator

  2. Go to My Business → Settings

  3. Find the Single Sign-On setting and enable it

  4. Save your changes

Note: Enabling SSO at the organisation level does not change how any current user logs in. Users continue using their email and password until SSO is assigned to them individually.

Step 3 — Assign SSO to Users

SSO must be enabled for each user individually, and the same SSO provider must be configured for each organisation or account that user belongs to before it takes effect. You can do this one at a time or in bulk.

Adding a New User

When SSO is configured for your organisation, you will see a choice when creating a new user:

  • Email & password — set an initial password for the user

  • Single Sign-On — the user will log in via your company's SSO portal

Editing an Existing User

Open any user's profile and change their sign-in method under the edit options.

  • Switching from Email & password to SSO: The user's email and password login is immediately disabled. They must use SSO to log in going forward.

  • Switching from SSO to Email & password: The user is sent a password reset email so they can create a new password and log in normally.

Bulk Updating Users

  1. Go to the Staff & Users list

  2. Filter or sort the list as needed

  3. Select multiple users

  4. Choose Enable SSO or Remove SSO from the bulk actions

How bulk actions handle mixed selections:

  • If you bulk-enable SSO and a selected user already has SSO, they are unaffected.

  • If you bulk-remove SSO and a selected user is on email and password, they are unaffected.

Tip: To see at a glance which users are already on SSO, enable the optional Requires SSO column on the users list.

Signing In with SSO

Web

  1. On the login screen, select Sign in with SSO

  2. Enter the email address associated with your organisation's SSO portal

  3. A popup will open from your identity provider — complete your normal company sign-in

  4. Once authenticated, the popup closes and you are logged in automatically

Note: If your browser is blocking the SSO popup, look for the blocked popup icon in your browser's address bar and allow popups for Safe Food Pro. In Chrome: click the popup blocked icon, select the site link, then choose Always allow. This step may need to be repeated for each organisation.

Mobile App

  1. Open Safe Food Pro and select Sign in with SSO

  2. Enter your email address

  3. Your organisation's SSO portal will open — sign in as normal

  4. Once authenticated, you are returned automatically to Safe Food Pro

Troubleshooting

"User not found" error when signing in with SSO Your user account may not exist in Safe Food Pro yet, or your email address may have been entered incorrectly. Contact your Organisation Administrator to confirm your account has been created and SSO has been enabled for you.

SSO popup isn't opening Your browser may be blocking popups. Allow popups for Safe Food Pro's URL and try again. See the popup instructions in the Signing In section above.

User signed in via SSO but can't access the mobile app Confirm the user's account has SSO enabled by checking the Requires SSO column in the users list. If SSO was recently changed from email and password, ask the user to sign out fully and sign back in using the SSO option.

Related Articles
Understanding Access Levels
Using the External Verifier Access Level
Using the Wizard if you are part of a Group
Adding or Changing a Group Administrator
Error Messages & what they mean
Did this answer your question?