SSO is an authentication method that gives you access to all other connected apps and services via one login.
If you have a Google or Microsoft account, you can link your timr account to it. This way, you no longer need to enter your own credentials for timr.
1. Activate SSO (Single Sign-On) as Administrator
To activate SSO login procedure in your timr account, the function will be enabled in your timr account.
Step 1: Open the "Single Sign-On" tab in the "Administration/Settings" menu.
Step 2: Select one or more variants through which your employees are allowed to log in and then save the selection.
2. Connect timr User Account with External Authentication
If Single-Sign-On (SSO) is enabled, users can connect their personal timr account with the external authentication. As a timr user, follow these steps to do so:
Step 1: Open your personal area (your username on the bottom left of the menu) and then "Settings".
Step 2: In the "External Authentication" block, you can choose the authentication services that have been activated by your company/administrator (see point 1.).
Step 3: Select "Connect" to start the login process and enter your Google or Microsoft account credentials.
Now the data for external authentication are stored.
You can also disconnect this connection here.
As a user you can now login either with the timr credentials or with your Google or Microsoft account (Example: view of the timr login via browser).
3. Synchronize Users via Directory Service (Directory Sync)
If your company uses a directory service, you can create and synchronize users via this service.
Note: This option is available only in the Enterprise plan or when using the Advanced Permissions module.
3.1 Enable Directory Service
Marker 1: Activate the Directory Service through which you want to create or synchronize your users and enter your credentials for this service. To connect to the directory service you need administrator rights for this service.
Marker 2: If you activate "Allow external authentication only", it is no longer possible to enter the account using the timr credentials. In this case, you will also no longer be able to change the user's password, as the alternative login option will no longer be available.
Employees who log in via the terminal:
Employees who are not managed in the Directory Service can log in/out via QR code at the terminal if the "Allow external authentication only" setting is active. In this case, you can also create users manually, but only with QR code login.
Note: Disable this setting if you want to allow timr support access to your account.
3.2 Synchronize external users
Once the connection to the Directory Service is established, you can import and synchronize your users created in the Directory Service in the "Administration/User" via the "External Users" icon.
3.2.1 Create user
Here you can see all the employees you have created in the Directory Service (e.g. Google Workplace). Select for which employees you want to create a timr account. The timr user account is then automatically linked to the directory service.
To create a single user, click on "Create user" in the user's row. To create multiple users at once, check the box by the user and then click the blue "Create User" button.
If a user is added via "External users", he will receive an invitation e-mail, but without the possibility to choose a password.
3.2.2 Linking users
Existing timr accounts are compared with the entries from the external directory service. In case of matching data (email address) you decide here if you want to take over data and "link user(s)". The users can then log in automatically via the directory service, a manual linking (as per point 2.) is no longer necessary.
3.2.3 Connected users
Under "Connected Users" you can see which employees are already linked to the timr account. Click on "Update Connected Users" to automatically apply changes (e.g. if the name has changed) to timr.
If the user's email changes, this change will be applied to timr. However: If this e-mail address was also used as login (which is generally the case) the login remains on the old e-mail.
E-Mail = Login = email@example.com
Angie Meyers is getting married and changes her name to Jackson:
(new) E-Mail = firstname.lastname@example.org
Login (stays) = email@example.com