Skip to main content
Available on: Professional, Enterprise | Role: Organization Owner only | Status: Generally Available

Overview

Enterprise SSO lets your organization use existing identity providers (Azure AD, Okta, Google Workspace, or custom SAML 2.0) for authentication. Users sign in with their corporate credentials instead of managing separate passwords.

Available SSO Providers

ProviderProtocolPlans
Google OAuthOAuth 2.0All plans
Microsoft OAuthOAuth 2.0Professional+
Azure AD (Entra ID)SAML / OAuthProfessional+
Google WorkspaceSAMLProfessional+
OktaSAMLProfessional+
Custom SAML 2.0SAMLProfessional+

Setting Up SSO

1

Navigate to SSO Settings

Go to Workspace > Organization Settings > SSO Configuration.
2

Select a Provider

Choose the identity provider you want to configure. Each provider has its own setup requirements.
3

Configure the Connection

Enter the required details for your identity provider:
  • Azure AD: Tenant ID, Client ID, Client Secret
  • Okta: Okta domain, Client ID, Client Secret
  • Google Workspace: Domain, Client ID
  • Custom SAML: SAML Metadata URL or manual configuration
4

Test the Connection

Use the Test button to verify the SSO configuration works before enabling it for all users.
5

Enable SSO

Toggle the SSO provider to Active. Users will see the SSO option on the sign-in page.

SSO User Behavior

  • Auto-verification — SSO users are automatically verified (no email confirmation needed)
  • Auto-provisioning — New users are created on first SSO sign-in
  • Role assignment — New SSO users get the organization’s default role

Disabling an SSO Provider

When you disable an SSO provider, affected users receive a recovery email allowing them to reconnect with a different authentication method. Make sure users are aware before disabling.