Skip to main content
Connect your identity provider using guided SSO wizard
This guide walks you through setting up Single Sign-On (SSO) for your organization using your identity provider’s guided wizard.

Prerequisites

Before you begin, ensure you have:
  • Administrator access to your identity provider
  • Organization admin privileges
  • Domain verification completed for your organization
  • SSL certificate configured on your IdP (recommended)

Setup guide

Access SSO configuration

1

Navigate to integrations

  1. Go to Settings > Integrations
  2. Find Single Sign-On in the Organization section
2

Start setup wizard

  1. Click Setup or Add SSO Provider
  2. The SSO setup wizard will open with guided configuration
  3. Select your identity provider from available options (Azure AD, Google Workspace, Okta, custom SAML/OIDC)

Configure identity provider

1

Follow configuration guide

Follow the step-by-step instructions specific to your chosen identity provider to configure your IdP with required settings
2

Configure connection details

Enter the required information from your identity provider setup:
  • Entity ID: Your organization’s unique identifier in the IdP
  • Client ID: The application ID registered in your IdP
  • Client Secret: The secret key used to authenticate with the IdP
Note the callback URL provided for configuring in your IdP settings
3

Create connection

Save the configuration to create the SSO connection (this creates the connection but doesn’t yet link it to your organization)

Configure domain settings

1

Review default managed domain

Your organization’s email domain is automatically included as a managed domain for SSO (requires no additional verification)
2

Add additional domains (optional)

  1. Click Add Domain if you need additional email domains
  2. Additional domains require domain ownership verification
  3. Add the provided TXT record to your domain’s DNS settings
3

Domain realm discovery

Domain realm discovery is automatically enforced for all managed domains
Users with email addresses from managed domains will be automatically redirected to your SSO provider and cannot use username/password authentication. Maintain at least one admin account with an email from a non-managed domain as backup.

Test and complete setup

1

Test SSO configuration

  1. Use the built-in test functionality to verify your SSO configuration
  2. Review test results to ensure authentication is working properly
  3. Resolve any issues shown in the test results
2

Complete setup

  1. Click Complete Setup after testing is successful
  2. Verify your SSO identity provider appears as connected in Organization Integrations
  3. Inform team members about SSO activation and login instructions

Troubleshooting

Cause: Incorrect certificate or signature validation issuesSolution:
  • Verify certificates and keys are correctly configured
  • Ensure proper formatting of authentication credentials
  • Check that the IdP is using the correct signing configuration
Cause: Incorrect attribute mapping configurationSolution:
  • Verify attribute names match those sent by your IdP
  • Check authentication response in browser developer tools
  • Ensure all required attributes are being sent by the IdP
Cause: User’s email domain is not added to SSO configurationSolution:
  • Add the user’s email domain to the configured domains list
  • Ensure domain verification is completed
Cause: Configuration mismatch or network connectivity issuesSolution:
  • Double-check all configuration values in both systems
  • Verify callback URLs are accessible and correct
  • Check IdP logs for specific error messages
  • Test network connectivity between systems

Features

Once connected, you can manage SSO configuration:

User management

Manage SSO users, handle provisioning, and set permissions

Monitoring & maintenance

Monitor authentication activity and maintain configuration

Advanced troubleshooting

Diagnose and resolve authentication issues