Team & access

Enterprise SSO safeguards

All guides

Larger organisations often require everyone to sign in through one identity provider — say, Microsoft only. Mapvera lets a team admin lock a team to specific sign-in methods, so anyone using a different method can log in but can't reach that team.

Restrict a team to specific sign-in methods

  1. Open Team Settings

    Sign in, open the menu (top-right) and choose Team Settings. You need to be a team admin.

  2. Find “Allowed sign-in methods”

    Expand the Allowed sign-in methods section. You'll see three boxes — Google, Microsoft and Email & password — all ticked by default.

  3. Untick what you want to block

    Leave only the methods your organisation allows. For example, to require Microsoft, untick Google and Email so only Microsoft stays ticked.

  4. Save

    Click Save. The restriction takes effect immediately for everyone on the team.

    Leaving all three ticked means no restriction — anyone in the team can use any method.

This applies to team admins too, not just members — so an admin who signs in with a blocked method is also kept out. Mapvera staff (super-admins) are exempt so they can always help you.

What a blocked person sees

Someone whose method isn't allowed can still sign in to Mapvera normally — the restriction is per team, not a login block. But when they land on the restricted team they see a full-screen “Sign in a different way” message naming the allowed methods, with a Sign out button. They log out, sign back in with an approved method, and they're in. If they belong to other teams, those are unaffected.

Don’t lock yourself out

If you untick the method you're currently signed in with, Mapvera warns you before saving — because you'd immediately lose access to this team's settings. You can still proceed if that's intentional.

If you do lock yourself out, get back in by signing in with one of the allowed methods, or ask a Mapvera admin to reopen it. A blocked session can't reach Team Settings — that's the point — so keep at least one admin able to sign in with an allowed method.

How the check works

Mapvera decides your method from the account you actually signed up with (Google, Microsoft, or email & password) — it's read on the server, so it can't be faked from the browser. Because each Mapvera account uses a single method, “the method you signed in with” and “your account's method” are the same thing.

Pair it with your identity provider

Allowed sign-in methods control access inside Mapvera. Your identity provider can add a second layer that decides whether Mapvera may be used at all:

  1. Microsoft (Entra / Azure AD)

    A Microsoft tenant admin can approve Mapvera for the whole organisation in one step — use the Approve Mapvera for Microsoft button in Team Settings, next to Allowed sign-in methods. You'll get a confirmation once it's done, and staff then sign in with Microsoft without individual consent prompts.

  2. Google Workspace

    Google has no one-click approval. First, one of your team tries to sign in with Google and chooses Request access — Mapvera then appears in your Google Admin console. Use the Open Google App access control link in Team Settings to get there, then mark Mapvera Trusted.

A tidy setup: allow only Microsoft on the team here, and pre-approve Mapvera in your Microsoft tenant — so every staff member is admitted the same way, and no other method can reach the team.