Users have full access to Gratavid. They can log in, edit contacts, edit notes, and send Gratavids. We recommend adding your team as internal users.
External assignees can't log in to your Gratavid account, but you can assign tasks to them. Once a task has been assigned to them, they can record videos via their task assignee link. Add your top volunteers, board members, and advocates as external assignees.
Before you add users, it's important to understand the different sign-in methods made available to you through Gratavid.
By default, your users will create a password to access their Gratavid account; however, you can enable Microsoft or Google single-sign-on (SSO), so your users don't have to make a separate Gratavid password.
How to activate SSO:
- Visit the "Sign In-methods" tab under Manage Users as an admin within your Gratavid account.
- Activate either Google or Microsoft sign-in.
- Add your Microsoft tenant/directory id or your Google Workspace primary domain. Single sign-on will not work without this step. Tip: you can visit https://www.whatismytenantid.com/ to find your Microsoft tenant id.
Benefits of SSO:
- The ability to send Gratavids directly from users' Gmail or Outlook account. Visit Send Gratavids Through Outlook or Gmail to learn more.
- Users log in with their Google or Microsoft account.
- Greater security. Your admins can enable two-factor authentication and other security measures for signing in to Google or Microsoft.
- Fewer passwords. Your team won't have to remember a separate Gratavid password.
Visit the Manage Users page in Gratavid to add your team members/users to your Gratavid account. Only Gratavid admins can manage users.
Gratavid's authentication provider is Google Cloud Identity and Access Management (IAM). Gratavid does not store users' passwords. In fact, Gratavid never sees users' passwords. Authentication, user tokens, and passwords are managed by Google.
Gratavid uses OpenID Connect to power single-sign-on (SSO) with Microsoft and Google. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. Specifically, we use the OAuth 2.0 authorization code flow. Once the authorization code has been exchanged for an OpenID token, our server verifies both the user's email and the user's organization/audience before allowing access to Gratavid.
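The email and organization/audience checks described above, sketched as an added example; this is not Gratavid's code. It assumes the token's signature has already been verified against the provider's published keys and that the Microsoft token carries the optional `email` claim. The function name, parameters and sample values are hypothetical.

```python
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def check_id_token(claims, provider, client_id, org_id, known_emails, now=None):
    """Validate claims from an ID token whose signature was ALREADY verified.
    org_id is the Workspace primary domain (Google) or tenant id (Microsoft)."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud: token was issued to a different application")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("exp: token is expired or has no expiry")
    if provider == "google":
        if claims.get("iss") not in GOOGLE_ISSUERS:
            raise ValueError("iss: not issued by Google")
        # 'hd' is only present for Workspace accounts; consumer Gmail has none.
        if str(claims.get("hd", "")).lower() != org_id.lower():
            raise ValueError("hd: account is outside the configured domain")
        if claims.get("email_verified") is not True:
            raise ValueError("email_verified: address not confirmed by Google")
    elif provider == "microsoft":
        if str(claims.get("tid", "")).lower() != org_id.lower():
            raise ValueError("tid: account is outside the configured tenant")
        if claims.get("iss") != f"https://login.microsoftonline.com/{org_id.lower()}/v2.0":
            raise ValueError("iss: issuer does not match the tenant")
    else:
        raise ValueError("unknown provider")
    email = str(claims.get("email", "")).lower()
    if email not in known_emails:
        raise ValueError("email: not a user on this account")
    return email

# Constructed sample data (not real identifiers).
CLIENT_ID = "example-client-id"
TENANT = "00000000-0000-0000-0000-000000000000"
USERS = {"ana@example.org"}
GOOGLE_OK = {"iss": "https://accounts.google.com", "aud": CLIENT_ID, "exp": 2000,
             "hd": "example.org", "email": "ana@example.org", "email_verified": True}
MS_OK = {"iss": f"https://login.microsoftonline.com/{TENANT}/v2.0", "aud": CLIENT_ID,
         "exp": 2000, "tid": TENANT, "email": "ana@example.org"}

if __name__ == "__main__":
    print(check_id_token(GOOGLE_OK, "google", CLIENT_ID, "example.org", USERS, now=1000))
    print(check_id_token(MS_OK, "microsoft", CLIENT_ID, TENANT, USERS, now=1000))
```

A token from a personal Google account has no `hd` claim, so it is rejected even when its email matches a known user.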
Authentication tokens are not simply stored at rest; they are encrypted before being saved to our database. Therefore, even the Gratavid database administrators do not have access to the decrypted authentication token. Authentication tokens are encrypted with AES-256, and the key to decrypt them is accessible only to our app layer, not to the database layer.