Single Sign-On Configuration
Enterprise customers can enable SSO for streamlined authentication using your existing identity provider.
Supported Providers
We support:
- Okta
- Azure Active Directory
- Google Workspace
- OneLogin
- Auth0
- Custom SAML 2.0 providers
Prerequisites
- Enterprise plan
- Admin access to your IdP
- Domain verification
Setup Process
- Contact support to enable SSO
- Provide your domain name
- Receive SSO configuration details
- Configure your IdP with our details
- Provide us with your IdP metadata
- Test SSO with a pilot user
- Enable for all users
Configuration Details
You'll need:
Entity ID: https://example.com/sso
ACS URL: https://example.com/sso/acs
SLO URL: https://example.com/sso/sloUser Provisioning
Automatic user provisioning via SCIM:
- Auto-create users on first login
- Sync user attributes
- Update user information
- Deactivate users
Group Mapping
Map IdP groups to roles:
- Admin group → Admin role
- Developer group → Member role
- View-only group → Viewer role
Just-in-Time Provisioning
Users created automatically when:
- They sign in via SSO for the first time
- Their email domain matches verified domain
- They're assigned to app in IdP
Testing SSO
- Use test user credentials
- Visit your SSO login URL
- Verify redirect to IdP
- Complete IdP authentication
- Confirm redirect back to our platform
- Check user created with correct role
Troubleshooting
Common issues:
- SAML response invalid: Check certificate
- User not found: Enable JIT provisioning
- Wrong role assigned: Review group mappings
Comments
0 comments
Please sign in to leave a comment.