When users in your firm sign in to Actionstep Practice Management, you can mandate they use single sign-on (SSO) and multi-factor authentication (MFA). Forcing these options can improve security and provide a seamless sign-in experience for your staff.
- SSO enforcement: This option enables your organization to enforce sign-in policies for your users by removing individual ID and password authentication options and forcing users to use your corporate identity providers (e.g., Google sign-in or Microsoft sign-in).
- MFA enforcement: This option enables your organization to force users to complete the multi-factor authentication setup when they first sign in to Actionstep. Users will no longer be able to dismiss/postpone this MFA setup step. (You can also disable this reminder permanently without requiring MFA.)
Both SSO and MFA enforcement options allow you to exclude individual users from the requirements. For example, you may have contractors or other types of users that do not meet the SSO or MFA requirements your regular users do, so you can add them to exclude lists and they won't be prompted to complete these types of sign-ins.
To use these options:
- In Practice Management, go to Admin > Users & permissions. The Users & Permissions page appears.
- Click Authentication settings on the right side of the page. The Authentication Settings page appears.
- Make sure Core settings on the left side of the page is selected.
- To force users to complete their MFA setup, toggle Enforce Multi-factor Authentication (MFA) to on.
  NOTE: If you leave this option toggled to off, the "Actionstep's MFA is not required" option is shown. Toggling "Actionstep's MFA is not required" to on will suppress the Multi-factor Authentication page entirely, and when a user signs in, they will be taken to their selected landing page in Practice Management.
  Note: If your users have enabled MFA at the user profile level, they will still be prompted for a code when they sign in. If they no longer want to use MFA, they'll need to disable it. See Setting Up Individual Multi-Factor Authentication (MFA) for instructions.
- To force users to instead sign in with Microsoft or Google, toggle Enforce Single Sign-On (SSO) to on and optionally select your Preferred SSO Provider from the drop-down list.
  (Please note: if you select this option, the Email and Password fields will still be shown, but if the user attempts to sign in using these fields, they will be asked to use Microsoft or Google.)
- Optionally, if you have users who can bypass either the MFA or SSO options, click Add User for that option and then select the users.
- Click Save to save your changes and enforce your authentication selections.
NOTES:
• If your firm enables Enforce Single Sign-On (SSO) and a user attempts to sign in to Practice Management from somewhere other than the standard sign-in page (like the sign-in window for the Outlook add-in), they will be prompted to use the SSO option your firm requires. They will not be able to use their ID and password.
• It may take 24 hours or more for changes to SSO enforcement to take effect.
• Similarly, if your firm enables Enforce Multi-Factor Authentication (MFA) and a user has not completed their authentication, when they attempt to sign in from a non-standard sign-in page (like the Outlook add-in), they will be prompted to sign in from Actionstep's primary sign-in page first. They can then try to sign in again from the Outlook add-in.
Additional Resources:
- Setting Up Multi-Factor Authentication (MFA)
- Logging In with Microsoft or Google Sign-On (SSO)
- Logging In to Actionstep