ð SAML Single Sign-On (SSO)
Last updated
Last updated
Our application supports SAML-based Single Sign-On (SSO) to help organizations centrally manage user authentication through their Identity Provider (IdP), such as Okta, Azure AD, or Google Workspace.
By default, we use Google OAuth to authenticate users. However, once SAML is enabled, Google Sign-In will be disabled. All users in your organization will be required to log in using your configured SAML Identity Provider.
In your admin settings:
Navigate to the Authentication section.
Enable the SAML Enabled toggle.
Fill the SAML Metadata of your Identity Provider.
Save the configuration.
ð Your metadata XML typically starts with:
You will need the service metadata to configure our service within your Identity Provider. To obtain it, on the same page, click on the Service Provider Metadata button. You should see a modal with the following information
Entity ID
ACS (Assertion Consumer Service) URL
NameID Format
Use this information to configure a new SAML application in your IdP.
Once configured:
Test logging in via your Identity Provider. To do so, click on Sign in with SSO button.
Sign in with Google will not work anymore, unless you disable SAML.
SSO must be used on the Web version and on the Admin too.
Ensure user accounts match by email address (as per NameID format).
If you encounter any issues, feel free to reach out to our support team for assistance.
We also support SCIM (System for Cross-domain Identity Management) to allow automated provisioning and deprovisioning of users from your Identity Provider.
With SCIM, you can:
Automatically create users in our platform when they're assigned access in your IdP.
Automatically deactivate users when they're unassigned or removed in your IdP.
Sync user attributes like name, email, and groups.
To enable SCIM:
For now we only support Bearer Token authentication that must be configured on the Admin.
The base be obtained by cliking on the SCIM Endpoint button.
Configure your Identity Provider (Okta, Azure AD, etc.) with the provided SCIM endpoint and token.
Set up attribute mappings as needed.
ð SCIM is optional but highly recommended for teams managing users at scale.