Identity
Admins
Federated authentication
Making sure your users only use federated single sign-on to authenticate
Federating Identity with Azure Active Directory
How to add or replace an x509 certificate for Azure Active Directory federations
Managing Authorities for SSO Domain Access
Configuring multi-factor authentication (MFA)
Identity and MFA FAQs for admins
Password policy
Resetting passwords
User roles and permissions
Creating and managing users
Manage Organisation Co-branding
Onboarding new users with welcome emails
Adding custom content to welcome emails
Creating and managing custom scopes
Add Login URLs to your Organisation
MFA - mandatory for Admins
Unlock user account
Setting up a SAML Client
An Introduction to Multi-Factor Authentication & Single Sign-On
Identity and MFA FAQs
OneAdvanced Single Sign-on login process when using an authenticator app
OneAdvanced Single Sign-on login process when using email for authentication
OneAdvanced Single Sign-on login process for federated accounts
OneAdvanced Identity login using username
User Journey for EasyPass (Passkeys)
Security questions
How to help keep your OneAdvanced account safe and secure
Integrations
OneAdvanced AI
Getting started
Introducing OneAdvanced AI
How does OneAdvanced AI work?
Benefits of using OneAdvanced AI
Limitations of using OneAdvanced AI
Definition of terms
Prompts
Getting started with prompts in OneAdvanced AI
Prompt engineering
Avoiding Common Pitfalls and Errors
Using Prompts in OneAdvanced AI
Using OneAdvanced AI to Summarise a Document
Using OneAdvanced AI to Simplify Information
Using OneAdvanced AI to Compare Documents
Using OneAdvanced AI to Create Visuals Using Data
Private Spaces
Intelligent Chat Agents
Introducing Intelligent Chat Agents
Accessing Intelligent Chat Agents
Using Intelligent Chat Agents
Intelligent Chat Agents Catalogue
Administration
FAQs
Web Search
Platform
Helpful how-to guides
How To - Add a Spreadsheet or Chart to your Desk
How To - Add Youtube Videos to a Desk
How To - Add a Spotify Playlist to a Desk
How To - Add Microsoft Stream Videos to a Desk
How to stop unwanted time-outs
Admin
Desks
Applets
Applets Overview
Advanced Financials Applets
Setting up Advanced Financials Applets
Advanced HR Applets
Clear Review Applets
Contract Management Applets
Countdown Applet
Desk Notes Applet
iFrame Applet
My Link/Links Applet
RSS Feed Applet
Ideas Applets
Tasks
Data Platform
Data Platform FAQs
Data Platform (Bring Your Own BI/Data Share) - Connection Options
Data Platform (Bring Your Own BI/Data Share) - User Licence Assignment Administration
Data Platform (Bring Your Own BI/Data Share) – How to Connect Microsoft Power BI to OneAdvanced Data Platform
Data Platform (Bring Your Own BI/Data Share) - Snowflake ODBC Connector Configuration Guide
Data Platform (Bring Your Own BI/Data Share) - Connecting Microsoft Excel to Snowflake Using ODBC
OneAdvanced Mobile app
How to install the OneAdvanced mobile app on your device
Instructions: Adding OneAdvanced Mobile App to Microsoft Intune Company Portal
Licencing
- All topics
- Identity
- Admins
- Federated authentication
- Managing Authorities for SSO Domain Access
Managing Authorities for SSO Domain Access
Authorities
Authorities are used to control which email domains are allowed to authenticate, pair, or create user accounts
When Automatic Pairing is enabled as part of the First Login Flow, Authorities act as a security control to ensure that only users from approved domains can login even if their user account does not yet exist.
Configuring an Authority
Authorities are managed from the Authorities tab within the Organisation settings.
To add an Authority:
- Navigate to Organisation → Authorities
- Select Add Authority
- Enter the domain that users are expected to log in with
(for example:example.com) - Save the Authority
You can add multiple domains if users may authenticate using different email addresses.
Authority Validation (DNS Verification)
After an Authority is created, it must be validated before it can be used.
When you add a domain, you will see the following message:
Authority needs validation The authority has now been created. To enable the authority, add a text record to the DNS record of domain
<domain>TXT record:
ssoauthority-verification=<value>Once this has been done, return here and validate the authority.
This step confirms ownership of the domain and prevents unauthorised domains from being used.
An Authority can also be validated manually by an administrator. After successful validation, the Authority becomes active and users with matching email domains will be allowed to authenticate based on the configured First Login Flow.
