Skip to main content

Add a user

Abstract

Learn how to add users to the platform with Moody's SSO or a federated SSO identity provider.

Adding users allows them to access the platform according to the roles you assign. Users can sign in using Moody's SSO or your company’s federated SSO identity provider.

Prerequisites

  • Your account must have Create access to the User management resource. Learn more about user management.

  • For federated users: A SAML 2.0 application created in your identity provider and configuration completed with the platform.

Add a Moody's SSO user

To add a Moody's SSO user:

  1. On the User management tab, go to Users > User management.

  2. Select Add user. The Add new user page is displayed.

  3. Enter the user's details in the First name, Last name, and Email address fields.

  4. Select one or more user roles for the new user in the User roles field. User roles determine what users can see and do in the platform.

  5. Select Save user. The user is added to your account.

If this is the first time the user is accessing an SSO-enabled Moody's application, they will receive an email to activate their Moody's SSO account, which lets them access the platform and their other SSO-enabled Moody's applications using a single email address and password.

Add a federated SSO user

To add a federated SSO user:

  1. Create an app on your identity provider for a SAML 2.0 connection.

    If you would like to automatically assign role-based permissions to your users based on their identity provider groups, create a single custom attribute for your users that contains each user's group IDs. The IDs need to be sent so we can map them to a comma-separated list of strings.

  2. Provide the platform with the following information about your identity provider app:

    • The accepted domains your users will use to sign in.

    • Identity provider issuer URL

    • Identity provider single sign-on URL

    • Identity provider signature certificate (using SHA-256)

    • Destination URL (optional)

    We also need the names of the user attributes you're using on your identity provider so that we can map them:

    • email address, for example, subjectNameId

    • first name

    • last name

    • custom teams (optional)

  3. We complete our setup and send you the metadata you need to complete the configuration on your side.

If you aren't automatically assigning roles based on identity provider groups, new federated SSO users won't have any permissions when they sign in. Without at least one role, these users can't access any part of your account. Learn how to assign roles to users.

Additional information