When SSO customer users leave their company

Hello folks!

We’re looking to bring CC into our company, but I’m confused about a scenario perhaps you could help with.


Meet Jane. Jane could be a user at ABC Corp, a customer of ours.

Now of course, we want Jane to be SSO logged into the the Community so she gets the custom role as customer and access to customer-only areas like roadmap and beta stuff.


Jane gets a new job at XYZ Inc. XYZ Inc is NOT a customer of ours but we don’t want Jane to lose access to the wider public community stuff, she’s a great advocate for us.



  1. What happens when Jane leaves ABC Corp and wants to log into the community - is she able to as she no longer has access to her ABC Corp email address, nor our product login.
  2. How do we know she’s left? As Gainsight articles support, we don’t want to be an HR system so want the switch from customer user to public user seamless and easy for Jane.
  3. When Jane joins XYZ Inc which email/login does she use? Her new company email won’t be associated with her Gainsight CC user.


Any help and advice would be very much appreciated - we love our customer champions and when they move companies we want them to remain part of our world.




@sheridancollard fyi 



3 replies

Userlevel 1

That’s a question we had to deal with. Presumably you have a CRM containing a database of your customers? And since you mention SSO, do you have your own SSO setup?

That’s what we have. We connected Gainsight’s login to our SSO. When Jane logs in, the SSO queries the CRM to find Jane’s status (customer, partner, staff member) and passes it to Gainsight. I’m not that involved in that side of things, so I don’t know details, but I know that’s how it’s roughly set up.

So each time Jane logs in, her existing roles are wiped out and replaced with what is stored in the CRM. That way the CRM is always the source of truth and if Jane goes from a partner to a plain customer, her Gainsight role is automatically updated. The sales team keeps the CRM up to date, so we don’t have to worry about it.

The one drawback: because all existing roles are wiped each time Jane logs in, we can’t create custom roles on the community platform. e.g. If we wanted to tag Jane as a “community champion”, we’d have to include that info in what the CRM passes to the SSO. That’s more annoying than it sounds!

As for the login address, I believe (I could be wrong) that you would simply update Jane’s record in your CRM with her new email address.

I hope that helps,


Thanks Mark. 

For our Academy we pass the user account from our product so for existing customer users that should work well here too, but certainly something we’ll have to dive into.

Userlevel 3

Wanted to share this related discussion and enhancement request @Mark Green Consensus