Citizen Space SSO implementation - responsibility matrix
This article is for the Citizen Space Admin SSO feature. Please contact your Customer Success Manager if you are interested in using Single Sign-on and Citizen Space.
This article outlines and details the various roles, responsibilities and escalation paths for using Citizen Space Single Sign On functionality.
Topics covered:
Key Stakeholders
Role |
Primary Responsibility |
Backup/Support |
IT Administrator |
Complete technical setup and configuration |
Customer Success Manager (for guidance) |
Individual Users |
Link their own accounts to SSO |
Self-service (cannot be done by admins) |
Site Administrator |
Create emergency access account, coordinate rollout |
IT Administrator |
Customer Success Manager |
Provide guidance and support |
Delib Support Team |
Phase-by-Phase Responsibilities
Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
Create emergency admin account |
|
✅ Required |
|
Use different email domain |
Plan testing approach |
✅ Lead |
✅ Support |
|
Test with small group first |
Communicate timeline to users |
|
✅ Lead |
|
Set expectations |
Phase 1: Identity Provider Setup
Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
Sign in to Microsoft Entra Admin Centre |
✅ Required |
|
|
|
Create new app registration |
✅ Required |
|
|
Name: 'Citizen Space' recommended |
Configure supported account types |
✅ Required |
|
|
'Accounts in this organisational directory only' |
Set redirect URI to Web (blank URL) |
✅ Required |
|
|
URL added in later step |
Record application details |
✅ Required |
|
|
Needed for Step 2 |
Phase 2: Citizen Space Configuration
Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
Access SSO configuration screen |
✅ Required |
|
|
/_admin/sso_settings |
Enter Client / Application ID |
✅ Required |
|
|
From Entra ID overview |
Enter Discovery / Metadata document |
✅ Required |
|
|
From Entra ID endpoints |
Create and enter Client Secret |
✅ Required |
|
|
From Certificates & Secrets |
Save SSO settings |
✅ Required |
|
|
|
Copy generated Redirect URIs |
✅ Required |
|
|
For Step 3 |
Phase 3: Identity Provider Finalisation
Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
Add Redirect URIs to Entra ID |
✅ Required |
|
|
From Citizen Space config |
Save authentication settings |
✅ Required |
|
|
|
Grant admin consent (optional) |
✅ Recommended |
|
|
Removes popup for all users |
Test SSO connection |
✅ Required |
✅ Support |
✅ Test Group |
Small group testing |
Phase 4: User Account Linking
Task |
IT Administrator |
Site Administrator |
Individual Users |
Notes |
Navigate to user profile |
|
|
✅ Required |
Each user individually |
Select 'Activate SSO' link |
|
|
✅ Required |
Cannot be done by admins |
Select 'Link Account' button |
|
|
✅ Required |
|
Complete Microsoft login |
|
|
✅ Required |
|
Confirm account linking |
|
|
✅ Required |
|
Provide user support/training |
✅ Support |
✅ Lead |
|
Help desk for issues |
Escalation Paths
- User Issues: Individual Users → Site Administrator → IT Administrator
- Technical Issues: IT Administrator → Customer Success Manager → Delib Support
- Access Issues: Site Administrator → Emergency Admin Account → IT Administrator