Skip to main content
Skip table of contents

In-App SSO Getting Started Quick Guide

The following information is important. Any user who does not have their own single unique login credential for Atrieve will require action.

Enable or Disable In-App Single Sign-on from the Portal to ERP Administration > Atrieve Web

With the 21.01.01 release, In-App Single Sign-on will be enabled for all users, so that each user will only be required to sign in once to the Portal to access all Atrieve products including Atrieve Web.

The first time you sign into the system you will be required to sign in to both the Portal and Atrieve Web.  Signing into Atrieve Web will automatically create the Atrieve Credentials constraint in Role-Based Security.  The Atrieve Credentials constraint controls the single sign-on functionality so that each subsequent time you access the system you will only be required to enter your credentials once when you sign into the Portal.

 There are some scenarios where having single sign-on enabled for a particular user, or users, may not be appropriate (see scenarios below), and if this is true then you may choose to opt-out of single sign-on for specific accounts.  This becomes more prominent when integrated to Active Directory, as individual Atrieve credentials are linked back to individual Active Directory accounts.

Opt-out of In-App Single Sign-on scenarios

Scenario 1 - single user has multiple accounts

Ie. 1 account for Payroll, 1 account for HR, and 1 account for Finance.

Best Practice: a user should have only 1 Atrieve account with access to different products or menus as appropriate for their user role through permissions.  We do not recommend 1-to-many configurations.

If this is a configuration your district requires, then the appropriate accounts will need to be set to opt-out of the Atrieve login. See instructions below.

Scenario 2 - multiple users share the same Atrieve credentials

Best Practice: this is not a configuration that we support because of the significant security risks and lack of proper auditing to a user. We do not recommend many-to-1 configurations.

If this is a configuration your district requires, then the appropriate accounts will need to be set to opt-out of the Atrieve login. See instructions below.

Scenario 3 - Position-based Accounts

Ie. an account based on a position, like ‘Finance Manager’ rather than using a specific username, like ‘John Smith’

Best Practice: this is not a configuration that we support because of the potential for security issues not knowing exactly who has signed in to the system and made changes at a given time. We do not recommend shared account configurations.

If this is a configuration your district requires, then the appropriate accounts will need to be set to opt-out of the Atrieve login. See instructions below.

Opting in or out of In-App Single Sign-on

By default, all users will be set to opt into single sign-on. When they log in for the first time after the update, there are no further actions.  If you need to make changes to opt a user account in or out of In-App Single Sign-on, do either of the following:

Option 1 - Opting in or out of In-App Single Sign-on from the User Hub 

  1. Sign in to the Portal as the employee wishing to opt out or in

  2. Navigate to the User Hub by clicking the user's name located at the bottom of the left navigation bar

  3. For Single Sign-on to be enabled, the toggle ‘Opt-out of Atrieve Login’ setting will be set to ‘No’ (this is the default setting)

    • Navigate to ERP Administration > Atrieve Web.  You will not be prompted to enter a username/password after the first login.

  4. For Single Sign-on to be disabled, the toggle ‘Opt-out of Atrieve Login’ setting will be set to ‘Yes’

    • Navigate to ERP Administration > Atrieve Web. You will be prompted for a username/password.

Option 2 – Opting in or out of In-App Single Sign-on from Role-Based Security (RBS)

  1. Sign in to the Portal

  2. Navigate to Role Based Security (Tools > Security & Setup > Role Based Security)

  3. From the Users menu, search for the User to be changed

  4. Click the edit pencil to modify the Atrieve Credentials constraint

  5. For Single Sign-on to be enabled, the ‘Opt-out of Atrieve Login’ checkbox will be unchecked

  • Navigate to ERP Administration > Atrieve Web.  You will not be prompted to enter a username/password

If you switch from opt-out back to opt-in, you will be required to enter the username and password as previously defined for the user to access Atrieve Web.  Optionally, if you do not know the username and password, you can simply remove the constraint.  Removing the constraint will prompt the user to enter their credentials the next time they try to access Atrieve Web.  Once the user enters their credentials, the constraint will automatically be recreated in Role-Based Security, and no further action is required.

6. For In-App Single Sign-on to be disabled, the ‘Opt-out of Atrieve Login’ checkbox will be checked

  • Navigate to ERP Administration > Atrieve Web. You will be prompted for a username/password.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close