How to enable Two Factor Login or Single Sign-On?

3 min read

In Meo, we can take security seriously. Therefore we also require that every account on a Meo workspace is protected by either two-factor authentication (via SMS or an app authenticator) or via centralized Single Sign-On authentication. Both options offer a high degree of security.

On account login, we support using either SMS as the two-factor authentication or using an app (such as Google Authenticator, Microsoft Authenticator, Authy or similar). Both offer high security.

For account recovery, we only support SMS as the account security.

Using Single Sign-On removes the need of two-factor authentication for our app, as the security aspect is centrally controlled. It offers a high degree of security, as you need to manage fewer passwords and centralized security within the IT department of your company. Large companies typically use SSO and Meo supports SSO via Microsoft Entra ID.

If you experience issues with logging in, then please contact care@meo.io.

  1. How to get started with SSO
  2. Initial set-up
  3. Users and groups set-up

How to get started with SSO

This guide is for setting up an integration with Microsoft Entra ID for users to be able to login to Meo using Single Sign-On (SSO).

Every user that needs access to Meo via SSO, must be added in the Azure back office. Please see a simple guide further below with screenshots. There are different applications on the Meo platform that require different permissions.

There are two main types of accesses:

  • Access to the Meo Workspace. This is where all data about your clients are saved and accessed. Only compliance team members should get this access. The roles for this are either “User”, “Admin” or “Viewer” (which controls which areas and which actions users can do on the workspace).
  • Access to the other Meo features, such as the approval process and risk assessments from non-workspace users. If the user should only get access to these features and not to the Meo Workspace, then they should get the role “NonWorkspace”.

Initial set-up

  1. Contact Meo and provide your Tenant ID by sending an email to care@meo.io

  1. Once set-up by Meo, log in for the first time using SSO to Meo (must be an Admin on Azure to provide permissions to the Meo SSO app).

  1. Go to Microsoft Azure account -> Manage Microsoft Entra ID. Then click on “Enterprise applications”

  1. Find and click on “Meo”:

  1. Click on “Properties” and make sure “Assignment required?” is set to “Yes”

Users and groups set-up

  1. Click on “Users and groups”, select the user to assign a new role to, and click on “Edit assignment”. (*)

  1. Click on “Select a role”, the on the right select the role for this user (**), on the bottom right corner click on “Select”, then on the bottom left corner click on “Assign”.

(*) (Alternatively, when adding a new user to the app, it will also require to assign a role to it and the steps to follow are the same) (**) The supported roles are:

  • Admin: Admins can use the entire application, change settings, access archive, invite new admins, etc.
  • User: Can use the platform but have no Admin capabilities.
  • Viewer: Has only read rights within the platform. Can view data, audits, etc, but cannot perform actions.
  • NonWorkspace: External users can use the Meo platform as a singular Identity, but do not have access to the workspace account (like Admins, Users and Viewers). This is useful for approving clients and/or risk assessments.
Related articles
Did this answer your question?