Hello!
I would like to set up SSO with Google for users. This covers for authentication. How do i ensure authorization is not interefered with and Login with google does not allow employees see information they shouldnt see? Thank you !
Answered
GOOGLE SSO
- Getting Started
Best answer by mruscito
Hello again
In that case, you don’t have to worry - the login authentication method that someone uses to access their Personio profile does not alter the information that they can see in their Personio account. What they can and cannot see is regulated by the access rights granted in their employee role(s).
You can check out this section of our Help Centre for more information on employee roles and how best to configure them for your company’s needs. ⬇
Employee Roles, Access Rights, Reminders & Calendars
Let me know if you have any other questions!
Take care,
Megan
+7- Community Moderator
Hi
Is it that you’re concerned that by using Google SSO authentication, the user might log into the wrong account, or that the login wouldn’t respect the access rights set up for a particular employee?
If you activate authentication with SSO for your Personio account, the process of identifying and authenticating an employee is completely managed by your Google Workspace. For this reason, we do recommend that you set up a 2-factor authentication.
Once the user is authenticated by Google, the system will check to see if the account the person is trying to log into matches the email address stored in the employee profile.
As well, no changes are made to the access that an employee has to the Personio account when you enable Google SSO authentication. If employee X has limited access rights and cannot see the reporting area, then they will still have this restricted view when they log into their profile via Google SSO.
You can find all relevant details on the process in the following Helpcentre article:
Does this answer your question? Let me know if anything is unclear!
Take care!
Megan
- Getting Started
Hey Megan!
Thank you so much for your reply!
My concern is that the login wouldn’t respect the access rights set up for a particular employee?
I want to ensure normal users cannot see information seen by hr.
I already have 2FA setup.
+7- Community Moderator
- Answer
Hello again
In that case, you don’t have to worry - the login authentication method that someone uses to access their Personio profile does not alter the information that they can see in their Personio account. What they can and cannot see is regulated by the access rights granted in their employee role(s).
You can check out this section of our Help Centre for more information on employee roles and how best to configure them for your company’s needs. ⬇
Employee Roles, Access Rights, Reminders & Calendars
Let me know if you have any other questions!
Take care,
Megan
Join the Personio Voyager Community!
If you are a Personio customer please use the same email address for registration as in your Personio account. By doing so we can help you faster if we might need to check something in your account. Do you already have an account? > Login
! Your public username cannot contain any personal information such as email or other private information! You can't change your username after registration.
Welcome to the Personio Voyager Community!
This is our service and networking community for all Personio users and HR Professionals. If you have not registered yet, please select "create an account"
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.