About single sign-on (SSO) for Maxsight

A Moody's SSO account lets users access Maxsight and their other SSO-enabled Moody's applications using a single email address and password. See Activate your Moody's SSO account for more information.

Federated users sign in to Maxsight through their company's chosen SSO identity provider, such as Azure Active Directory or Google SSO. When federated SSO is configured on your account, your users sign in with your identity provider after entering their email address on the Maxsight sign-in screen. See Add a federated SSO user to Maxsight for more information on how to configure federated SSO.

Each time a federated user signs in, their name and teams are updated with the details from your identity provider. If the user is signing in for the first time, their email address will be added to your Maxsight account, making them a Maxsight user that you can see and manage from the User management tab. Federated SSO users have SSO displayed next to their name.

If the federated user belongs to any groups on your identity provider and you've linked those groups to Maxsight teams, the user is added to the teams automatically and can access the areas of your account based on the team roles.

If you have not enabled federated SSO, you can create accounts for your users from Maxsight's User management tab, using exactly the same email addresses you plan to use for SSO. Remember to assign user roles or team roles so they can access the appropriate areas of Maxsight. Ensure users have the correct permissions, including ensuring that your identity provider groups are linked to Maxsight teams.

When a user signs in, their sign-in credentials are converted to federated SSO. From this point forward, the user must always sign in to Maxsight using their federated SSO details.

The user is automatically added to any Maxsight teams that are linked to identity provider groups enabled for their SSO account. They'll be able to access the areas of your account based on the team roles. Any pre-existing teams and roles are removed.

Where possible, we recommend using identity provider groups linked to Maxsight teams. However, if the user does not have groups assigned to them or those groups have not been linked to Maxsight teams, the user keeps the same teams and roles that they had before SSO. Activity within the Maxsight account, including audit history, is not affected by the change to login credentials.