Hi @jokuse !

Is it that you’re concerned that by using Google SSO authentication, the user might log into the wrong account, or that the login wouldn’t respect the access rights set up for a particular employee?

If you activate authentication with SSO for your Personio account, the process of identifying and authenticating an employee is completely managed by your Google Workspace. For this reason, we do recommend that you set up a 2-factor authentication.

Once the user is authenticated by Google, the system will check to see if the account the person is trying to log into matches the email address stored in the employee profile.

As well, no changes are made to the access that an employee has to the Personio account when you enable Google SSO authentication. If employee X has limited access rights and cannot see the reporting area, then they will still have this restricted view when they log into their profile via Google SSO.

You can find all relevant details on the process in the following Helpcentre article:

Google Single-Sign-On

Does this answer your question? Let me know if anything is unclear!
Take care!

Megan

Hey Megan!

Thank you so much for your reply!

My concern is that  the login wouldn’t respect the access rights set up for a particular employee?

I want to ensure normal users cannot see information seen by hr.

I already have 2FA setup.

Hello again @jokuse !

In that case, you don’t have to worry - the login authentication method that someone uses to access their Personio profile does not alter the information that they can see in their Personio account. What they can and cannot see is regulated by the access rights granted in their employee role(s). 

You can check out this section of our Help Centre for more information on employee roles and how best to configure them for your company’s needs. 

Employee Roles, Access Rights, Reminders & Calendars

Let me know if you have any other questions!

Take care,

Megan

Thank you so much!