Supported identity providers
Supports both SAML and OIDC identity providers:- Okta
- ADFS (Active Directory Federation Services)
- Entra ID (Azure AD)
- Google Workspace
- Keycloak
- PingFederate
- Custom SAML
- Custom OIDC
Benefits
Enhanced security
Centralized authentication with your organization’s security policies
Simplified access
One set of credentials for all workplace applications
User management
Provision and deprovision users through your identity provider
Compliance
Meet organizational security and compliance requirements
How SSO works
When your organization has SSO configured, Ravenna automatically detects and redirects users based on their email domain.Automatic SSO redirect
When a user enters an email address during login:- Domain detection - Ravenna checks if the email domain matches an organization with SSO enabled.
- Automatic redirect - If a match is found, the user is immediately redirected to your identity provider.
- Authentication - User authenticates with their corporate credentials.
- Authentication response - IdP sends authentication credentials back (SAML assertion or OIDC tokens).
- Access granted - User is logged in with appropriate permissions.
Users whose email domain matches an SSO-enabled organization are automatically redirected without needing to manually select “Sign in with SSO”.
Manual SSO access
Users can also manually initiate SSO by clicking “Sign in with SSO” on the login page, which is useful for:- Testing SSO configuration
- Accessing specific organizations when you have multiple accounts
- Bypassing automatic redirect if needed