Citizen Space SSO implementation - responsibility matrix
This article is for the Citizen Space Admin SSO feature. Please contact your Customer Success Manager if you are interested in using Single Sign-on and Citizen Space.
This article outlines and details the various roles, responsibilities and escalation paths for using Citizen Space Single Sign On functionality.
Topics covered:
Key Stakeholders
Role |
Primary Responsibility |
Backup/Support |
| IT Administrator |
Complete technical setup and configuration |
Customer Success Manager (for guidance) |
| Individual Users |
Link their own accounts to SSO |
Self-service (cannot be done by admins) |
| Site Administrator |
Create emergency access account, coordinate rollout |
IT Administrator |
| Customer Success Manager |
Provide guidance and support |
Delib Support Team |
Phase-by-Phase Responsibilities
| Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
| Create emergency admin account |
|
✅ Required |
|
Use different email domain |
| Plan testing approach |
✅ Lead |
✅ Support |
|
Test with small group first |
| Communicate timeline to users |
|
✅ Lead |
|
Set expectations |
Phase 1: Identity Provider Setup
| Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
| Sign in to Microsoft Entra Admin Centre |
✅ Required |
|
|
|
| Create new app registration |
✅ Required |
|
|
Name: 'Citizen Space' recommended |
| Configure supported account types |
✅ Required |
|
|
'Accounts in this organisational directory only' |
| Set redirect URI to Web (blank URL) |
✅ Required |
|
|
URL added in later step |
| Record application details |
✅ Required |
|
|
Needed for Step 2 |
Phase 2: Citizen Space Configuration
| Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
| Access SSO configuration screen |
✅ Required |
|
|
/_admin/sso_settings |
| Enter Client / Application ID |
✅ Required |
|
|
From Entra ID overview |
| Enter Discovery / Metadata document |
✅ Required |
|
|
From Entra ID endpoints |
| Create and enter Client Secret |
✅ Required |
|
|
From Certificates & Secrets |
| Save SSO settings |
✅ Required |
|
|
|
| Copy generated Redirect URIs |
✅ Required |
|
|
For Step 3 |
Phase 3: Identity Provider Finalisation
| Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
| Add Redirect URIs to Entra ID |
✅ Required |
|
|
From Citizen Space config |
| Save authentication settings |
✅ Required |
|
|
|
| Grant admin consent (optional) |
✅ Recommended |
|
|
Removes popup for all users |
| Test SSO connection |
✅ Required |
✅ Support |
✅ Test Group |
Small group testing |
Phase 4: User Account Linking
| Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
| Navigate to user profile |
|
|
✅ Required |
Each user individually |
| Select 'Activate SSO' link |
|
|
✅ Required |
Cannot be done by admins |
| Select 'Link Account' button |
|
|
✅ Required |
|
| Complete Microsoft login |
|
|
✅ Required |
|
| Confirm account linking |
|
|
✅ Required |
|
| Provide user support/training |
✅ Support |
✅ Lead |
|
Help desk for issues |
Escalation Paths
- User Issues: Individual Users → Site Administrator → IT Administrator
- Technical Issues: IT Administrator → Customer Success Manager → Delib Support
- Access Issues: Site Administrator → Emergency Admin Account → IT Administrator
.png){kind=logo}