Skip to main content

Single Sign-On

info

Single Sign-On (SSO) is only available for Workspaces on Enterprise Plan. Reach out to [email protected] for additional details.

Workspaces can optionally enable Single Sign-On for Workspaces. By enabling SSO, you can grant access to your Workspace to your users only upon authentication by your configured Identity provider.

Your Identity Provider must support OAuth + OpenID Connect for enabling SSO for your Workspace.

Enabling SSO

  1. Setup OpenID Connect configuration with your Identity provider using the provided Redirect URI for your Workspace.
  2. Provide the Client ID for your OIDC configuration.
  3. Provide the Client Secret for your OIDC configuration.
  4. Configure the Well-Known URL for your OIDC Identity Provider. This url ends with /.well-known/openid-configuration and will be provided by your Identity Provider.
  5. Toggle Active to turn on the configuration.
  6. Do not toggle Allow login with SSO only to ON until your test the SSO configuration to prevent you and all your users from being locked out of your Workspace. Once you have tested your SSO configuration, you can set this to ON to only allow user authentication via your Identity Provider.
  7. Click Save Changes

Testing SSO Configuration

  1. Once the SSO configuration is enabled, logout from the Workspace.
  2. On the Sign in screen, click Sign in with SSO button.
  3. Enter the email address to login with and click Sign in
  4. You will be automatically navigated to your SSO Provider to continue with login if there is only one Workspace with SSO configuration associated with your email address.
  5. If more than one Workspace with SSO configuration are associated with the provided email, the list of Workspace will be presented for the user to select to continue with the sign in operation.
  6. Once authenticated with the identity provider, you will be automatically logged into your Workspace.

Adding new users to SSO enabled Workspaces

We currently do not support creating user accounts via configured identify provider.

To add additional users to your Workspace, navigate to Users page and invite the users via their email address. The invited users will receive an email address with a unique link that allows creating a new account in the invited Workspace.

Multi-Workspace Scenarios

If you would like to setup SSO for multiple Workspaces, you need to setup SSO for each Workspace separately. If a user has multiple SSO enabled Workspaces, a list of Workspaces will be shown for user to select the Workspace to login to.