Connect your identity provider using guided SSO wizard
Prerequisites
Before you begin, ensure you have:- Administrator access to your identity provider
- Organization admin privileges
- Domain verification completed for your organization
- SSL certificate configured on your IdP (recommended)
Setup guide
Access SSO configuration
1
Navigate to integrations
- Go to Settings > Integrations
- Find Single Sign-On in the Organization section
2
Start setup wizard
- Click Setup or Add SSO Provider
- The SSO setup wizard will open with guided configuration
- Select your identity provider from available options (Azure AD, Google Workspace, Okta, custom SAML/OIDC)
Configure identity provider
1
Follow configuration guide
Follow the step-by-step instructions specific to your chosen identity provider to configure your IdP with required settings
2
Configure connection details
Enter the required information from your identity provider setup:
- Entity ID: Your organization’s unique identifier in the IdP
- Client ID: The application ID registered in your IdP
- Client Secret: The secret key used to authenticate with the IdP
3
Create connection
Save the configuration to create the SSO connection (this creates the connection but doesn’t yet link it to your organization)
Configure domain settings
1
Review default managed domain
Your organization’s email domain is automatically included as a managed domain for SSO (requires no additional verification)
2
Add additional domains (optional)
- Click Add Domain if you need additional email domains
- Additional domains require domain ownership verification
- Add the provided TXT record to your domain’s DNS settings
3
Domain realm discovery
Domain realm discovery is automatically enforced for all managed domains
Users with email addresses from managed domains will be automatically redirected to your SSO provider and cannot use username/password authentication. Maintain at least one admin account with an email from a non-managed domain as backup.
Test and complete setup
1
Test SSO configuration
- Use the built-in test functionality to verify your SSO configuration
- Review test results to ensure authentication is working properly
- Resolve any issues shown in the test results
2
Complete setup
- Click Complete Setup after testing is successful
- Verify your SSO identity provider appears as connected in Organization Integrations
- Inform team members about SSO activation and login instructions
Troubleshooting
Authentication response invalid
Authentication response invalid
Cause: Incorrect certificate or signature validation issuesSolution:
- Verify certificates and keys are correctly configured
- Ensure proper formatting of authentication credentials
- Check that the IdP is using the correct signing configuration
User attributes missing
User attributes missing
Cause: Incorrect attribute mapping configurationSolution:
- Verify attribute names match those sent by your IdP
- Check authentication response in browser developer tools
- Ensure all required attributes are being sent by the IdP
Domain not configured
Domain not configured
Cause: User’s email domain is not added to SSO configurationSolution:
- Add the user’s email domain to the configured domains list
- Ensure domain verification is completed
Test authentication fails
Test authentication fails
Cause: Configuration mismatch or network connectivity issuesSolution:
- Double-check all configuration values in both systems
- Verify callback URLs are accessible and correct
- Check IdP logs for specific error messages
- Test network connectivity between systems