Citizen Space SSO implementation - responsibility matrix

This article is for the Citizen Space Admin SSO feature. Please contact your Customer Success Manager if you are interested in using Single Sign-on and Citizen Space.

This article outlines and details the various roles, responsibilities and escalation paths for using Citizen Space Single Sign On functionality.

Topics covered:


Key Stakeholders

Role

Primary Responsibility Backup/Support
IT Administrator Complete technical setup and configuration Customer Success Manager (for guidance)
Individual Users Link their own accounts to SSO Self-service (cannot be done by admins)
Site Administrator Create emergency access account, coordinate rollout IT Administrator
Customer Success Manager Provide guidance and support Delib Support Team


Phase-by-Phase Responsibilities

Task IT Administrator Site Administrator Individual Users Notes
Create emergency admin account
Required
Use different email domain
Plan testing approach Lead Support
Test with small group first
Communicate timeline to users
Lead
Set expectations

Phase 1: Identity Provider Setup

Task IT Administrator Site Administrator Individual Users Notes
Sign in to Microsoft Entra Admin Centre ✅ Required


Create new app registration ✅ Required

Name: 'Citizen Space' recommended
Configure supported account types ✅ Required

'Accounts in this organisational directory only'
Set redirect URI to Web (blank URL) ✅ Required

URL added in later step
Record application details ✅ Required

Needed for Step 2

Phase 2: Citizen Space Configuration

Task IT Administrator Site Administrator Individual Users Notes
Access SSO configuration screen ✅ Required

/_admin/sso_settings
Enter Client / Application ID ✅ Required

From Entra ID overview
Enter Discovery / Metadata document ✅ Required

From Entra ID endpoints
Create and enter Client Secret ✅ Required

From Certificates & Secrets
Save SSO settings ✅ Required


Copy generated Redirect URIs ✅ Required

For Step 3

Phase 3: Identity Provider Finalisation

Task IT Administrator Site Administrator Individual Users Notes
Add Redirect URIs to Entra ID ✅ Required

From Citizen Space config
Save authentication settings ✅ Required


Grant admin consent (optional) ✅ Recommended

Removes popup for all users
Test SSO connection ✅ Required ✅ Support ✅ Test Group Small group testing

Phase 4: User Account Linking

Task IT Administrator Site Administrator Individual Users Notes
Navigate to user profile
✅ Required Each user individually
Select 'Activate SSO' link
✅ Required Cannot be done by admins
Select 'Link Account' button

✅ Required
Complete Microsoft login

✅ Required
Confirm account linking

✅ Required
Provide user support/training ✅ Support ✅ Lead
Help desk for issues

Escalation Paths

  1. User Issues: Individual Users → Site Administrator → IT Administrator
  2. Technical Issues: IT Administrator → Customer Success Manager → Delib Support
  3. Access Issues: Site Administrator → Emergency Admin Account → IT Administrator