User Credentials

Create User

To add users to your Younium environment, follow the steps below:

1. Go to Settings > Admin > Users, then press "ADD".

Ska_rmavbild_2022-06-02_kl._11.07.54.png

2. Fill in all the fields, select a role from the "SELECT ROLE" drop-down list, then press "ADD ROLE". The role should now be listed below "USER ROLES".

5. Press "Save". An email will be sent to the email inputted with a request to create a password and log in to Younium. Note: this link expires within 24 hours.

Ska_rmavbild_2022-06-02_kl._11.08.27.png

 

User Roles

In Roles you can view and edit standard roles as well as add custom roles. The roles define access level to each object in Younium.

 

Setup MFA in Younium

  • Verify with you CSM that you have MFA enabled on you Tenant
  • Make sure that you have enabled the Security permission on your system admin users in Younium. (Settings > Admin> Roles> System Administrator> Security> Toggle Security settings on).
  • Decide what MFA strategy you want to execute, Younium supports the following:
    • Enable but do not enforce MFA
    • Enforce MFA
    • Enforce MFA except on SSO enterprise users
  • Enter the "Privacy & security" settings in your Personal settings by clicking on your username in the top right corner.  
  • Enter your workspace settings> Under Security Checkup select MFA and Manage 
  • In Multi factor authentication menu select Manage and configure the options that is valid for your tenant. 
  • Please note that API users must be excluded from MFA. Read more here

Younium supports all standard authenticator apps on the market like Google, Authy, LastPass, Authenticator, MS Authenticator, Duo etc.

 

Unenroll users from MFA

If a user looses their mobile device and the Younium tenant have enabled MFA they are going to unenroll that user from MFA to allow them to set up MFA again. 

 

Settings> Admin> Users> Select the user you want to unenroll> In the edit-window, check the box unenroll from MFA > Press save

 

Setup SSO in Younium

 

SSO using OIDC and Google workspace

To set up SSO for Younium using OIDC and Google Workspace log into the Younium application as System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the OpenID section select Custom OpenID
    4. At the Step Create an Application with your IdP, skip this step (and do not use the URL displayed during this step). Press Next
    5. Provide your Issuer URL at the step 2 (named: Provide your Issuer URL) in the Setup guide by pasting your OIDC metadata document URL (well-known) from your Goole workspace app in the URL section below and click "Next."

    6. Enter your Application (client) ID and Client Secret from your Google Configuration, then

      click "Next."

    7. Click "Continue to claim domain". In the next step, you must claim your SSO domain. Follow the DNS record setup instructions. If you run into any problems with validating your Domain, please reach out to Younium support. 
    8. Set the Default SSO Roles to "Read Only". Do not use any of the other roles.
    9. Log out from Younium, at next log in at app.eu.younium.com SSO should be enabled

You are now done with setting up your SSO connection. A common problem if does not work is the DNS validation. Please ask the Younium support to check/enable the DNS validation.

 

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

SSO using SAML and Google workspace

To set up SSO for Younium using SAML and Google Workspace log into the Younium application as a System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the SAML section select Google
    4. Follow the wizard to finalize the setup
    5. During the final step the guide will ask you to set Default SSO Roles, set the role "Read Only". Do not select any of the other roles. 
    6. Finalize the guide

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

SSO using OIDC and Azure

To set up SSO for Younium using OIDC and Microsoft Azure log into the Younium application as System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the OpenID section select Custom OpenID
    4. At the Step Create an Application with your IdP, skip this step (and do not use the URL displayed during this step). Press Next
    5. Provide your Issuer URL at the step 2 (named: Provide your Issuer URL) in the Setup guide by pasting your OIDC metadata document URL (well-known) from your Azure app in the URL section below and click "Next."

    6. Enter your Application (client) ID and Client Secret from your Azure Configuration, then

      click "Next."

    7. Click "Continue to claim domain". In the next step, you must claim your SSO domain. Follow the DNS record setup instructions. If you run into any problems with validating your Domain, please reach out to Younium support. 
    8. Set the default roles for SSO users, standard settings is "Read Only". Do not use any of the other roles
    9. Log out from Younium, at next log in at app.eu.younium.com SSO should be enabled

You are now done with setting up your SSO connection. A common problem if does not work is the DNS validation. Please ask the Younium support to check/enable the DNS validation.

 

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

SSO using SAML and Azure

To set up SSO for Younium using SAML and Microsoft Azure log into the Younium application as a System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the SAML section select Azure
    4. Follow the wizard to complete the setup
    5. During the finalization steps the application will ask you to select a "Default SSO role". In this step it is important to select the role "Read Only" from the dropdown. Do not select any of the other roles. 
    6. Finalize the guide

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

Client Token and secret - or exclude API users from MFA & SSO

Younium have previously supported a user based authentication method for api-users. We are now moving away from that and now we support the generation of a client Token and Secret. More instruction on how to set that up is available here

 

If you want to continue to use the current authentication version you must do the following steps below:

API users must be excluded from MFA. If they are not excluded the integration will stop working. 

 

    • In the Younium application go to: Settings > Admin> Users
    • Select the user you are using for your integrations
    • Hover over a user, press the pen to edit
    • Under the setting: Authentication method select > Legacy API User
    • Read the confirmation message and press "Confirm"

To validate that the user is now excluded from MFA, please visit https://eu.younium.com/ and in the Region selector box pick Classic

 

If your password does not work, try to reset it by pressing the "Reset password" link. 

 

A user that have been excluded can not use or access the security & privacy menu in Younium. If you want to enable those features for a once excluded user, login to the Younium app again and under the setting Authentication method select Regular user. Log out from the service and the login again but this time use the region where your data is hosted in the region selector on the login page. 

 

Deprecation of the Legacy API Authentication Method - 30th of November 2025

Younium is sunsetting its Legacy API authentication method. If you built any API integration to Younium before April 2024 and have not updated it to our current one, as described in our API documentation, you need to do so before 31/11 - 2025. You find our API documentation here.

What is Youniums Legacy API authentication method?

Before April 2024 Younium used a username and a password for APIs to fetch a token. This was normally a Younium user created for this specific user but it could be done with any user within Younium.

April 2024 we started to roll out our new authentication method for users. To continue supporting our Legacy API method, we built an opt-out method that API integrations could use to keep the Legacy API method even with our new Authentication. The opt-out was set on the user and is named “Legacy API user”. Read more about this in our support documentation.


Introduction of new authentication method for Younium

In April 2024 we started to roll out our new authentication method to all our customers. The purpose of this was to be able to provide a higher level of security with secure passwords, MFA, SSO, and the requirement of real email addresses to work. As part of that update, Younium now supports API authentication with Client token and Secret.

Deprecation Youniums Legacy API Authentication Method

Younium will deprecate our Legacy API Authentication method by 30st of November 2025. By then any integration that is intended for future use needs to be updated to our new method as described in our development portal.

Recommendations on how to swap authentication method

We strongly recommend you create a new user intended to be used as an integration user. For future transparency, it is recommended to create a dedicated user for this purpose named api_integration@demo.com or similar. Then with that user create a client token and secret and start working on updating your integration.

It is possible to opt-in any legacy API users again to be able to use it to create a client token and secret. However, this will break any integration in current use and might be confusing. How to do that is described in the bottom of this support article.


Still having questions?

We are here to help! Please reach out to Younium Support and we will guide you further.

 

FAQ

Here we have tried to collect as many answers as possible connected to our migration to Youniums new authentication platform. 

 

Q:What URL should I use after migration

A: app.eu.younium.com

 

Q: It seems that my activation link have expired, and I can not activate my user?

A: Use the url app.eu.younium.com and reset the password. This will give you the same result. Once a password is set you can access Younium again. 

 

Q: We are a company group where same email addresses have been used to different Younium environments. These users can no longer login. 

A: To improve security a user in Younium now requires a real email adress. Contact Younium support with a real email and we will update your user. A work around is also to create a new user with a email alias eg. james.brown+customer1@customer.com or to exclude that specific user with the same process as a legacy API user can be excluded for a period of time. See this article.

 

Q: Why can I not log into Younium

A: After too many failed log in attempts your user can be inactivated. Please ask your internal Younium Admin to check that your user is Active in Settings > Admin > Users

B: Double check that you are using the correct domain Europe, United States or Classic.