SSO mapping
Use the SSO mapping feature to map the teams in Monotype Fonts with your company’s existing active directory (AD) groups.
This integration ensures that when users in your AD groups log in to Monotype Fonts via SSO, they are provisioned into the right teams with their respective user roles and have immediate access to the font assets (like folders, font lists, web projects, and digital ads) aligned with their creative projects.
To implement this feature, ensure that your SSO set up is configured to pass group information in its SAML assertion.
Creating a new mapping
To create a new SSO mapping:
Go to Manage > SSO from your Monotype Fonts account.
Click Create new. The Create SSO Mapping page displays.
Enter your SSO group name in Tell us your SSO group.
Tip: Don’t forget to verify the spelling of your SSO group name to ensure that you are matched with the correct group name.
Note: For Azure AD group mapping, you will need the 32-digit GCID of the group and the name of the group would be the alias name. For example,
Select the User Roles and Teams for users contained in this group from the dropdown.
You can add users within a group to multiple teams by clicking on the + icon beside Teams.
Click Create SSO Mapping. Your SSO mapping should now appear in the SSO mapping table.
Note: On first login, your SSO users are added to your chosen SSO mapping. If their SSO group name is not recognized, we will use your default mapping and list your unmapped groups. If a user belongs to more than one group, the role would be assigned based on the group listed higher in the table.
Modifying SSO mappings
The SSO mapping table provides a view of groups mapped with teams, along with their user roles and usage. You can also find Unmapped Groups list below the SSO mapping table. If we don’t recognize the group name when your users log in, then we will list those group names here so that you can create a new mapping for them.
Note: Modifying the teams and/or roles assigned to a group will impact all users within that group.
To modify the SSO mapping:
Click on the group name that you want to modify to open the Edit SSO Mapping.
Make the required changes to the existing mapping using the User Role and/or Teams.
You can add users within a group to multiple teams by clicking on the + icon beside the Teams menu.
Click Save.
Note: You can also click Delete SSO mapping to delete the mapping.
Creating new mappings for unmapped groups
Click on an unmapped group’s name from the Unmapped Groups list to open the Create SSO Mapping dialog and follow the steps used to create a new SSO mapping.
Important
When a user logs in to Monotype Fonts via SSO for the first time, their active directory group is compared with your list of SSO mappings. If a match is found, the user’s configuration is created or modified based on the mapping(s) that you have created. In the case of multiple matches, the first match takes effect.
If a match is not found:
For new users, user configuration is mapped to a pre-existing mapping named default. You may also choose to set one of your existing mappings as a default.
For existing users, no configuration changes are made.
In both cases, unrecognized groups are listed under Unmapped Groups, and their mappings can be modified using the steps outlined above.
Don’t forget to verify the spelling of your SSO group name to ensure that you are matched with the correct group name.
For Azure AD group mapping, you will need the 32-digit GCID of the group and the name of the group would be the alias name.
In case a particular group’s mapping in Monotype Fonts or a user’s active directory group has been modified, their user configuration is updated accordingly at the next login. Sessions time out after eight hours, re-checking and, if necessary, updating user configuration upon each successive login.
Modifying teams and roles assigned to a group in Monotype Fonts will impact all users within that group.
Company admins cannot modify the roles or teams of users logging in via SSO and mapped to existing active directory groups.
To remove users from a group, please contact your IT/Systems Administrator.