Other
      Back to home
      1. Help Center
      2. Admin
      3. Other

      SSO Bypass

      SSO Bypass lets users skip single sign-on and log in to KaiNexus with a username and password instead.

      What is SSO Bypass?

      SSO (Single Sign-On) Bypass allows users to log in with a username and password instead of using your organization's SSO provider. It lets certain users bypass the normal SSO flow.

      When to use SSO Bypass? 

      SSO Bypass should be used sparingly, as it overrides standard authentication controls. It should only be used when you need users who are not in your organization's Identity Provider (IdP) to sign into KaiNexus. Often these users would be external consultants or collaborators. 

      SSO Bypass is also used when your organization utilizes Kiosk or Wallboard Users, as those User Types must sign in with a username and password.  

      How it works

      To get started with SSO Bypass, your Customer Success Manager will first need to enable it for your organization. They'll help set everything up and generate a unique SSO Bypass URL, which the designated SSO Bypass users will use to sign in. 

      After SSO Bypass is enabled, you can turn it on for specific users. 

      Creating SSO Bypass Users

      Who can turn on SSO Bypass for a user? 

      You must have the Global User Administrator permission in your System Role to turn on SSO Bypass for a user.

      This ability is not granted with the Local User Administrator permission. 

      How to create a new SSO Bypass user

      We recommend following these steps when creating a new user that needs SSO Bypass: 

      • Create the new user with the Setup User Type. This will ensure they do not yet receive an activation email.
        • If you create a user with the General or Capture User Type before SSO Bypass is enabled, their activation email will include the standard sign-in link instead of the SSO Bypass link. As a result, they won't be able to sign in
      • Locate the user's account in the People section or User Management. 
      • Hover over the account, and select the lock icon.
      • Select Bypass Single Sign-on. This allows the user to sign in with their username and password instead of SSO. 
      • Edit the user, and change their User Type from Setup to General. When you do this, an activation email will be sent automatically to their email address. Since SSO bypass is now enabled for them, the activation email will include the SSO Bypass sign-in link, allowing them to set their own password and sign in without using SSO. 

      How to turn on SSO Bypass for an existing user

      To turn on SSO Bypass for an existing user:

      • Locate the user's account in the People section or User Management. 
      • Hover over the account, and select the lock icon.
      • Select Bypass Single Sign-on. This allows the user to sign in with their username and password instead of SSO. 
      • You can either send the user a password reset email or set a temporary password to allow them to sign in. If you choose to set the password manually, be sure to share it securely.
      • The SSO Bypass User will then access KaiNexus using the unique SSO Bypass URL and enter their username and password. 

      Helpful Tips

      • System emails sent to SSO Bypass users automatically use the correct URL. If an SSO Bypass user receives a KaiNexus-generated email, the link will include the bypass-specific URL and prompt them to sign in with their username and password—no extra steps needed.

      • Be cautious when sharing links manually. If an SSO user manually shares a KaiNexus link with an SSO Bypass user, it may not work because their root URLs are different. 

      Recommended Reading