A Soveren admin can invite new users, generate password recovery links for users who have forgotten their credentials, block other users' access, and configure single sign-on (SSO).
Inviting a new user
You can create new users for your Soveren account by clicking the Invite button. This action prompts the following dialog:
Soveren authenticates the user using the email address you provide, and the password they choose upon their first login.
After inputting the new user's email address, click on the Generate invite link button, copy the link, and manually send it to the new user via your preferred communication channels, such as email or Slack.
The new user will not receive the invitation link automatically. You must manually send it using your preferred communication channels like Slack or email.
Until the new user accepts the invitation, you have the option to Revoke it if you change your mind:
Upon clicking the invitation link, the new user is presented with the following form to fill out:
What if a user forgets their password?
If a user forgets their password, an admin can issue a password reset link. If you are the only user and have forgotten your password, please contact us at firstname.lastname@example.org, and we will assist by sending you a reset link.
Single sign-on (SSO)
User authentication with single sign-on (SSO) can be enabled in Soveren, allowing you to manage user access through your own identity provider (IdP). Currently, Soveren supports SSO with OpenID Connect (OIDC).
Creating an OIDC app integration
To begin, you will need to create an OIDC app integration for Soveren within your IdP — essentially, registering the Soveren app. The process to achieve this depends on your IdP. During this process, you will require the redirect URL (also referred to as the reply URL) of Soveren: this is the location to which your IdP directs users after successful registration or authentication. Soveren provides two URLs for this:
Next, navigate to Soveren's SSO settings and complete the following form:
Configuring the SSO authentication
From your IdP, you need to provide the following parameters:
- Client ID: The client ID of the Soveren app as registered within your IdP.
- Client secret: The client secret of the Soveren app as registered within your IdP.
Configuring the SSO provider
The settings here depend on whether you are using Active Directory Federation Services (ADFS) or another OIDC provider.
For an OIDC provider, Issuer refers to the URL that uniquely identifies your IdP. For example, in the case of Okta, the Issuer typically takes the form
Specifically for ADFS, however, you need to provide more parameters:
- Authorization endpoint: This is a URL used for ADFS authentication.
- Token endpoint: This endpoint is used to exchange an authorization code for access and refresh tokens.
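One way to sanity-check the Issuer and the two ADFS endpoint values before entering them, shown as an added example that is not part of Soveren's documentation or code: it compares the values against the IdP's OIDC discovery document. It assumes your IdP publishes that document at the standard `/.well-known/openid-configuration` path; the function names are hypothetical and the sample document and `idp.example.com` hostname are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OIDC discovery document; idp.example.com is a placeholder.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com/adfs",
    "authorization_endpoint": "https://idp.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://idp.example.com/adfs/oauth2/token/",
})


def discovery_url(issuer):
    """Standard OIDC discovery location for an issuer (trailing slash dropped first)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def is_https_url(value):
    """True only for an absolute https URL with a hostname."""
    if not isinstance(value, str):
        return False
    parts = urlsplit(value)
    return parts.scheme == "https" and bool(parts.hostname)


def check_discovery(configured_issuer, discovery_json):
    """Return (settings, problems) for the values to be entered in the SSO form."""
    doc = json.loads(discovery_json)
    problems = []
    if not is_https_url(configured_issuer):
        problems.append("issuer: not an https URL")
    # OIDC Discovery requires an exact string match, so a stray trailing
    # slash or a different case in the path counts as a mismatch.
    if doc.get("issuer") != configured_issuer:
        problems.append("issuer: does not match the discovery document")
    settings = {"issuer": configured_issuer}
    for key in ("authorization_endpoint", "token_endpoint"):
        value = doc.get(key)
        if value is None:
            problems.append(f"{key}: missing from the discovery document")
        elif not is_https_url(value):
            problems.append(f"{key}: not an https URL")
        settings[key] = value
    return settings, problems


if __name__ == "__main__":
    settings, problems = check_discovery("https://idp.example.com/adfs", SAMPLE_DISCOVERY)
    print(settings)
    print(problems or "no problems found")
```

To use it against a real IdP, fetch the document from the URL that `discovery_url()` returns and pass the response body as `discovery_json`.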
Configuring the domain
Specify the Email domain to be authenticated through SSO. You can add multiple domains. For example, if you specify your-domain.io, all users with an email address in the format email@example.com will be authenticated by your IdP through SSO.
Personal login credentials will no longer work for users subject to single sign-on.
There are two options for adding new users to Soveren through SSO: manually inviting selected users or fully delegating user management to your IdP.
If you invite new users from the domain(s) you've configured, Soveren will attempt to authenticate these users through SSO. (It is crucial that these users are correctly configured in the IdP.)
Soveren checks if the user is active in the IdP at least once every 24 hours.
If a user is blocked in the IdP, there might be up to a 24-hour delay before their access is revoked in Soveren.
However, if you prefer not to manually invite users, you can delegate user management to your IdP:
Soveren will automatically create new users when they log in for the first time. The authorization of the user to access Soveren is determined by your IdP.