User Credentials

Create User

To add users to your Younium environment, follow the steps below:

 

1. Go to Settings > Admin > Users, then press "ADD".

Ska_rmavbild_2022-06-02_kl._11.07.54.png

2. Fill in all the fields, select a role from the "SELECT ROLE" drop-down list, then press "ADD ROLE". The role should now be listed below "USER ROLES".

 

5. Press "Save". An email will be sent to the email inputted with a request to create a password and log in to Younium. Note: this link expires within 24 hours.

Ska_rmavbild_2022-06-02_kl._11.08.27.png

 

User Roles

In Roles you can view and edit standard roles as well as add custom roles. The roles define access level to each object in Younium.

 

Setup MFA in Younium

  • Verify with you CSM that you have MFA enabled on you Tenant
  • Make sure that you have enabled the Security permission on your system admin users in Younium. (Settings > Admin> Roles> System Administrator> Security> Toggle Security settings on).
  • Decide what MFA strategy you want to execute, Younium supports the following:
    • Enable but do not enforce MFA
    • Enforce MFA
    • Enforce MFA except on SSO enterprise users
  • Enter the "Privacy & security" settings in your Personal settings by clicking on your username in the top right corner.  
  • Enter your workspace settings> Under Security Checkup select MFA and Manage 
  • In Multi factor authentication menu select Manage and configure the options that is valid for your tenant. 
  • Please note that API users must be excluded from MFA. Read more here

Younium supports all standard authenticator apps on the market like Google, Authy, LastPass, Authenticator, MS Authenticator, Duo etc.

 

Unenroll users from MFA

If a user looses their mobile device and the Younium tenant have enabled MFA they are going to unenroll that user from MFA to allow them to set up MFA again. 

 

Settings> Admin> Users> Select the user you want to unenroll> In the edit-window, check the box unenroll from MFA > Press save

 

Setup SSO in Younium

 

SSO using OIDC and Google workspace

To set up SSO for Younium using OIDC and Google Workspace log into the Younium application as System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the OpenID section select Custom OpenID
    4. At the Step Create an Application with your IdP, skip this step (and do not use the URL displayed during this step). Press Next
    5. Provide your Issuer URL at the step 2 (named: Provide your Issuer URL) in the Setup guide by pasting your OIDC metadata document URL (well-known) from your Goole workspace app in the URL section below and click "Next."
    6. Enter your Application (client) ID and Client Secret from your Google Configuration, then

      click "Next."

    7. Click "Continue to claim domain". In the next step, you must claim your SSO domain. Follow the DNS record setup instructions. If you run into any problems with validating your Domain, please reach out to Younium support. 
    8. Set the Default SSO Roles to "Read Only". Do not use any of the other roles.
    9. Log out from Younium, at next log in at app.eu.younium.com SSO should be enabled

You are now done with setting up your SSO connection. A common problem if does not work is the DNS validation. Please ask the Younium support to check/enable the DNS validation.

 

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

SSO using SAML and Google workspace

To set up SSO for Younium using SAML and Google Workspace log into the Younium application as a System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the SAML section select Google
    4. Follow the wizard to finalize the setup
    5. During the final step the guide will ask you to set Default SSO Roles, set the role "Read Only". Do not select any of the other roles. 
    6. Finalize the guide

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

SSO using OIDC and Azure

To set up SSO for Younium using OIDC and Microsoft Azure log into the Younium application as System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the OpenID section select Custom OpenID
    4. At the Step Create an Application with your IdP, skip this step (and do not use the URL displayed during this step). Press Next
    5. Provide your Issuer URL at the step 2 (named: Provide your Issuer URL) in the Setup guide by pasting your OIDC metadata document URL (well-known) from your Azure app in the URL section below and click "Next."
    6. Enter your Application (client) ID and Client Secret from your Azure Configuration, then

      click "Next."

    7. Click "Continue to claim domain". In the next step, you must claim your SSO domain. Follow the DNS record setup instructions. If you run into any problems with validating your Domain, please reach out to Younium support. 
    8. Set the default roles for SSO users, standard settings is "Read Only". Do not use any of the other roles
    9. Log out from Younium, at next log in at app.eu.younium.com SSO should be enabled

You are now done with setting up your SSO connection. A common problem if does not work is the DNS validation. Please ask the Younium support to check/enable the DNS validation.

 

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

SSO using SAML and Azure

To set up SSO for Younium using SAML and Microsoft Azure log into the Younium application as a System administrator and do the following:

 

  1. Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you. 
  2. Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
  3. Log into Younium with a user that have System administrator permissions and do the following:
    1. Click on your name in the top right corner, select Privacy & Security
    2. Under Workspace select SSO and Setup SSO connection
    3. Under the SAML section select Azure
    4. Follow the wizard to complete the setup
    5. During the finalization steps the application will ask you to select a "Default SSO role". In this step it is important to select the role "Read Only" from the dropdown. Do not select any of the other roles. 
    6. Finalize the guide

User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.

 

 

Deprecation of the Legacy API Authentication Method - 31st of May 2026

Younium is sunsetting its Legacy API authentication method. If you built any API integration to Younium before April 2024 and have not updated it to our current one, as described in our API documentation, you need to do so before 31/5 - 2026. You find our API documentation here.

 

What is Youniums Legacy API authentication method?

Before April 2024 Younium used a username and a password for APIs to fetch a token. This was normally a Younium user created for this specific user but it could be done with any user within Younium.

April 2024 we started to roll out our new authentication method for users. Connections using the old authentication method with username & password will continue to work until the Legacy authentication method is depricated.


Introduction of new authentication method for Younium

In April 2024 we started to roll out our new authentication method to all our customers. The purpose of this was to be able to provide a higher level of security with secure passwords, MFA, SSO, and the requirement of real email addresses to work. As part of that update, Younium now supports API authentication with Client token and Secret.

 

Recommendations on how to swap authentication method

We strongly recommend you create a new user intended to be used as an integration user. For future transparency, it is recommended to create a dedicated user for this purpose named api_integration@demo.com or similar. Then with that user create a client token and secret and start working on updating your integration.


Still having questions?

We are here to help! Please reach out to Younium Support and we will guide you further.

 

FAQ

Here we have tried to collect as many answers as possible connected to our migration to Youniums new authentication platform. 

 

Q:What URL should I use after migration

A: app.eu.younium.com

 

Q: It seems that my activation link have expired, and I can not activate my user?

A: Use the url app.eu.younium.com and reset the password. This will give you the same result. Once a password is set you can access Younium again. 

 

Q: We are a company group where same email addresses have been used to different Younium environments. These users can no longer login. 

A: To improve security a user in Younium now requires a real email adress. Contact Younium support with a real email and we will update your user. A work around is also to create a new user with a email alias eg. james.brown+customer1@customer.com or to exclude that specific user with the same process as a legacy API user can be excluded for a period of time. See this article.

 

Q: Why can I not log into Younium

A: After too many failed log in attempts your user can be inactivated. Please ask your internal Younium Admin to check that your user is Active in Settings > Admin > Users

B: Double check that you are using the correct domain Europe, United States or Classic.