Skip to content
  • There are no suggestions because the search field is empty.

SSO with Domain Whitelisting

Admin guide to Domain Whitelisting

 

Overview of Social Sign-On

Social Sign-On allows your team to log in to Hive using their existing Google or Microsoft work accounts - the same credentials they use every day. There is no new password to remember, and no configuration required from your IT department.

When combined with Domain Whitelisting, Social SSO also restricts access so that only people with an approved company email address (e.g. @yourcompany.com) can sign in. This gives you centralised control over who can access your Hive instance.

  • One-click access - employees sign in with their existing Google or Microsoft account
  • Hive automatically adopts the MFA policies your organisation already has in place for Google or Microsoft
  • No additional MFA configuration needed
  • Zero IT setup - live in minutes, not weeks

What is Domain Whitelisting?

Domain Whitelisting is a security restriction that only allows people with a specific, approved email domain to access Hive. For example, if you add @acmecorp.com as an approved domain, only users with an @acmecorp.com email address will be able to sign in.

Prerequisite:

The user's email address must already exist in your Hive employee data. Domain Whitelisting checks that the email being used to sign in both matches an approved domain AND belongs to a known user in the system.

How to Enable SSO

Step 1: Go to Authentication Settings

1

From your admin dashboard, open Account Settings.

2

Click the Authentication tab.

3

Scroll to the Social Sign-On section.

Step 2: Enable Google and / or Microsoft

1

Select Google or Microsoft to allow Workspace logins.

2

You can enable one or both providers - your employees will see all active options on the sign-in page.

Step 3: Add Domain Whitelisting (Recommended)

1

Scroll to the Domain Whitelisting section within Authentication Settings.

2

Click Add Domain.

3

Enter your organisation's email domain (e.g. acmecorp.com).

4

Click Save. Repeat for any additional approved domains.

Step 4: Save and Communicate

1

Click Save Changes to apply your settings.

2

Let your team know they can now sign in at hive.hr/sign-in using their existing Google or Microsoft account.

Important: Make sure all employee email addresses in your Hive data match an approved domain before enabling this setting.