You can use your Microsoft login - both personal (such as Outlook or Hotmail) and work accounts - to log in to Sonas. This allows you to take advantage of the security features offered by these accounts while also reducing the number of passwords you need to manage.
Your organisation may need to authorise SSO in their Microsoft settings.
For existing accounts (both staff and couples), if your email is associated with a Microsoft account, you can opt to use SSO by simply clicking the blue Microsoft button when logging in. You will be prompted to enter your details (unless you're already logged in), and the first time you log in, you will need to authorise Sonas to access your profile data.
When creating a new staff account, you can now specify which login methods the account can use. By default, all login methods are allowed, but you can choose to restrict access to Microsoft SSO only. If your venue uses Microsoft 365 for Business and you want staff members to log in exclusively with their work email, select Microsoft SSO when creating a new staff user.
Restrict Email Domains
If you cannot see this section or get permission denied messages with any of the actions, please contact your Company Admin in order to get the required permissions.
You can restrict the email domains staff members can use for logging in. If you want to prevent someone from accidentally adding a Hotmail or Gmail address, navigate to Company > General and add your venue or company domain under Restrict Email Domains. From that point on, only users with an email in the format name@yourvenue.com can be invited. This restriction applies only to newly added staff users - existing users will not be affected. This setting does not apply to couples.
Revoking SSO Provider Access
If you have added users with their Login Methods set to only Microsoft SSO you can revoke their access directly from your end. As their account has been removed, the SSO authentication will fail and they will not be able to login to Sonas. If you had allowed All Methods they could still login using Username & Password, assuming they had already set it up, but chances are the device will require verification and, as they no longer have access to their work email, they should no longer be able to login. For best security we recommend setting all employees to your SSO provider only.