High-level description
In Welcome, logging in via Single Sign-On (SSO) is preferred as it eliminates the need for Excel spreadsheets used to transfer personal information that could easily be compromised. This also means it's easier to maintain compliance with GDPR requirements, as no data is manually sent outside of AD and Welcome.
Currently, Welcome supports Google Workspace and Microsoft Entra AD (previously Azure) as SSO providers. When the user logs in for the first time with their SSO credentials, Welcome assigns the user the desired rights through automated provisioning.
The data exchanged during user login includes:
User's name
User's email
User's phone number
If there are changes to the user's data in the company's SSO service, Welcome will update its data the next time the user logs in.
How it works
Method used for SSO
Welcome supports SSO login against external directory services, such as Microsoft Entra AD. Authentication uses the industry-standard protocols OpenID Connect and OAuth2. More information about OpenID Connect is available here.
SSO setup for a company
The building administrator specifies in the company's setup which SSO provider is used and which domain(s) should be available for logging in. For example, the building administrator sets up a company, Acme Inc, which uses Microsoft Entra AD, with the domain acme.com. Once this is configured, an IT manager within the company can log into the solution and confirm on behalf of the company that they approve the login and usage of the solution.
User provisioning
Once the company's IT manager has completed the previous step, regular users within the company can log in using their email address. The user will then be redirected to their SSO provider for authentication and returned to Welcome upon successful login.
For all subsequent logins that the user performs, any updates to user information from the SSO provider will update the user's data in Welcome.
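The domain and provider check implied by the setup and provisioning steps above, as an added Python example (not Welcome's own code). The Company record, the provision() function, the issuer URL and the sample setup are constructed for illustration, and the ID token's signature, audience, expiry and nonce are assumed to have been verified by an OIDC library before these claims are used.

```python
from dataclasses import dataclass

class LoginRejected(Exception):
    """Raised when a login must not be provisioned."""

@dataclass(frozen=True)
class Company:              # hypothetical shape of the administrator's setup
    name: str
    issuer: str             # the single IdP the company's IT manager approved
    domains: frozenset      # all login domains, every one served by that IdP

def email_domain(email: str) -> str:
    # Split on the last "@": "a@acme.com@evil.example" resolves to evil.example.
    local, sep, domain = email.strip().rpartition("@")
    if not (sep and local and domain):
        raise LoginRejected("malformed email")
    return domain.lower().rstrip(".")

def company_for(email: str, companies) -> Company:
    domain = email_domain(email)
    for company in companies:
        if domain in company.domains:   # exact set match, never endswith()
            return company
    raise LoginRejected(f"no SSO setup for domain {domain}")

def provision(claims: dict, companies, users: dict) -> dict:
    """claims: ID token claims already verified by an OIDC library (assumed)."""
    company = company_for(claims.get("email") or "", companies)
    if claims.get("iss") != company.issuer:
        raise LoginRejected("issuer is not the IdP configured for this company")
    if claims.get("email_verified") is False:
        raise LoginRejected("IdP reports the email as unverified")
    if not claims.get("sub"):
        raise LoginRejected("missing sub claim")
    key = (claims["iss"], claims["sub"])   # stable identity; the email may change
    user = users.setdefault(key, {"company": company.name})
    # Refresh the three attributes the page lists on every login.
    user.update(name=claims.get("name"), email=claims["email"].strip().lower(),
                phone=claims.get("phone_number"))
    return user

# Constructed sample setup: one company, two domains, one placeholder issuer.
ACME = Company("Acme Inc", "https://idp.example/acme", frozenset({"acme.com", "acme.org"}))
```

Keying the user record on the issuer and subject pair rather than on the email address is what lets a changed name, email or phone number update the existing account on the next login instead of creating a second one.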
Roles & responsibilities
Roles | Users | IT manager in a company | Real Estate Administrator |
Responsibility | Logging in | Connects SSO vendor with Welcome | Sets up SSO in Welcome for the company in question |
Function Matrix
Function | Description |
Google Workspace as IdP | Companies can use Google Workspace for authentication |
Microsoft Azure as IdP | Companies can use Microsoft Azure AD for authentication |
Multi-Domain Support | Companies that have multiple domains in use for SSO login can utilize these, provided they use the same IdP (e.g., domain1.com and domain2.com on Google Workspace) |