Employee-Controlled Accounts are accounts where the end-user manages the administration of the account on the web application.
With Employee-Controlled Accounts, the user can be aware of the username and password needed to access the SaaS application.
Company Managers can assign users to firm-specific Employee-Controlled Accounts. When assigned, the account will be listed on the user's website list. However, since Workplace requires the credentials of the user for the SaaS application, the saved bookmark may not function correctly until valid credentials are saved by the Company Manager or the User.
If a user is unassigned from an Employee-Controlled Account, additional steps need to be taken within the SaaS application to fully disable the account.
Company-Controlled Accounts are accounts in SaaS applications where the administrators in the firm or organization manage access to the SaaS application by using Security Assertion Markup Language (SAML).
SAML is a form of single-sign-on used by many enterprise software applications. Unlike other SSO scenarios, where the user’s credentials are passed from one system to the other, SAML integrations transfer the user’s identity securely from the Identity Provider (Workplace) to the Service Provider (web applications such as Fidelity and Salesforce), without the use of a password.
When a user's access to Workplace is disabled, access to the SaaS application is also disabled since Workplace is the Identity Provider.