Using the SSO domain mapping feature, you can map teams in Monotype Fonts with your company’s existing domain. Once set up, this integration ensures that when users in your domain log into Monotype Fonts via SSO, they are provisioned into the right teams with their respective user roles and can immediately access the font assets (folders, font lists, web projects, and more) that are aligned with their creative projects.
To implement this feature, make sure that your SSO set up is configured to pass domain information in its SAML assertion.
Creating a new mapping
Let’s take a look at how you can create a new SSO mapping:
Begin by clicking on the SSO tab in the Manage section of your Monotype Fonts account.
Once in the SSO section, click on the Create new button.
In the Create SSO Domain Mapping dialog, enter your SSO domain name in the Tell us your SSO domain field.
Important: Double-check your spelling and domain format for accuracy, as this is the name Monotype Fonts will match against the domain name received from your active directory system. (Remember not to add the @, since we already include that in our field.)
Next, select the Roles and Teams for users within this domain from the drop-down menus.
You can add users within a domain to multiple teams by clicking on the + icon beside the drop-down menu(s). Your SSO mapping should now appear in the SSO mapping table.
Modify mappings
The SSO domain mapping table provides a view of domains mapped with teams, along with their roles and whether or not these mappings are in use.
Note: Modifying the teams and roles assigned to a domain will impact all users within that domain.
Begin by clicking on the domain name. This will open the Edit SSO Domain Mapping dialog.
In the Edit SSO Domain Mapping dialog, use the User Role or Teams drop-down menus to make changes to the existing mapping.
You can add users within a domain to multiple teams by clicking on the + icon beside the drop-down menu(s).
Important information:
When a user logs into Monotype Fonts via SSO for the first time, their domain is compared to your list of SSO mappings. If a match is found, the user’s configuration is created or modified based upon the mapping(s) you’ve created.
For existing companies working with ad groups and now switching over to domain mapping:
2.1. Users see divisions (in the case of hierarchy enabled companies) in where they are mapped to via ad groups and domain on their login page.
2.2 Users are able to access/log into divisions only where they are mapped via domain. For divisions where the user is mapped via ad groups, users will see an alert message if they try to access it.
2.3 Onboarding default domain mapping should be the same as onboarding active directory default mapping.
2.4 An expected behavior for existing companies: after switching over from AD group mapping to domain-based mapping, the domain mapping field may appear blank until the user logs in for the first time. This occurs because the mapping has not yet been established.
In case a match is not found:
For new users, user configuration is mapped to a pre-existing mapping named “default.” You may also choose to set one of your existing mappings as a default.
For existing users, no configuration changes are made.
In case of modifications to a user's domain or a particular domain’s mapping in Monotype Fonts, their user configuration is updated accordingly at the next login. Sessions time out after eight hours, re-checking and updating user configuration, if necessary, upon each successive login.
Modifying the teams and roles assigned to a domain in Monotype Fonts will impact all users within that domain.
Company admins can modify roles or teams for users logging in via SSO and mapped to an existing domain.
6.1. Company admins can modify roles positioned lower than their assigned role. Due to access restrictions, any roles positioned above the assigned role of company admin cannot be edited by them.
6.2. For those using our Company Hierarchy service, division admins can modify the roles that are beneath them in their particular division.
To remove users from a domain, please contact your IT/Systems Administrator.