As an Account admin on any product you always are keen to ensure that the configurations are done the right way, just so that your users have a seamless experience while trying to use the product.
When it comes to Copilot an important step of consideration for an admin would be about how they would like their users to login to the product and the roles that they need to be assigned.
Let’s spend some time discussing first about how users can login to the product.
An Admin could choose to either take the route of...
- Manually adding each user and then expecting the users to login into Copilot using an email & password
- If the company happens to use a SSO provider, the users can leverage this option to seamlessly login into the product, just like they would do with other products as long as Copilot is assigned to them on their list of apps in the provider
Option 1 is pretty straightforward and the account admin can go about configuring this by following these steps. However, option 2 would require the account admin to work with their IT Admin to help them get SSO configured for their account.
In case you are wondering about what is SSO?
SSO is a central authentication service. Once this is enabled for a customer, all users will have to login using their SSO credentials (ex: Okta credentials). This means that users don’t have to remember new passwords for Clari Copilot and can easily login using global credentials.
Sometimes companies also would like to use their SSO provider to help provision users as well so that an admin needn’t manually have to add users each time in the product. In Copilot we provide customers the option to go ahead and provision their users via their directory provider and in simple words we call this Provisioning.
A short explanation on Provisioning.
Provisioning is a directory sync service. Once this is enabled for a customer, an admin doesn’t have to invite users to Clari Copilot manually from the Clari Copilot manage users page. The admin can instead control who needs access to Clari Copilot, what their roles are and de-provision users when they leave etc. all from a single source of truth i.e the Directory Provider. (Ex. Okta)
Now, let’s spend some time on how admins can assign the roles to users in Copilot.
When an Admin needs to add/provision a user in Copilot they need to also ensure that the user has the right role assigned to them. These roles can either be the default roles that exist in Copilot or we also provide the option for Admins to further customize their roles and set up the required restrictions by using a feature we call Role based Access Control.
To help with a more detailed insight into SSO, provisioning and custom roles in Copilot, we have recorded a short video that talks about it.
Note: Availability of SSO & Custom roles in your Copilot instance is based on your subscription plan
Hope this was helpful.