For accounts that existed before May 2024 and had SSO users before migrating to the Own Data Platform, see SSO Users Migrating to Own Data Platform.
We support single sign-on (SSO) using SAML 2.0. Instead of relying on our local authentication for password and security policies, you can authenticate through your own managed Identity Provider (IdP).
We use SAML 2.0 and support IdP-initiated flows only. Therefore, to authenticate, the IdP must allow the SAML Assertion to be used. The SSO application must be created in your IdP before you enable SSO in the platform.
The following are quick guides for setting up common IdPs:
If there is an issue with the SSO setup, the Master Admin user can still log in with their email and password to debug.
Once SSO is activated, logging in with email and password is disabled for all accounts.
Most password policies and security measures in the Own Data Platform change when you enable single sign on via SAML:
The next time a user from your account attempts to log in, they will be forced to reset their password.
If you need to update your identity provider issuer and/or certificate, the new credentials won’t activate until a user logs in through the IdP.
NOTE: The Master Admin user who made the change will be able to access the account with their username and password until SSO is activated. They will need to reset their password on the sign-in page in order to set up their password. If MFA was enabled before switching to SSO, then it will apply until SSO is activated.
If no one has logged in with the updated SSO credentials after 48 hours, the account reverts to the password authentication method, and all users will be required to reset their password on sign-in.
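Because only IdP-initiated flows are accepted and updated issuer/certificate values activate only on a successful IdP login, it helps to inspect a SAML Response captured from your own IdP before relying on it. The following is an added example, not code from the Own Data Platform; the issuer URL, certificate bytes and sample response are constructed placeholders, and the check is a diagnostic that does not verify the XML signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample values (placeholders, not a real IdP or a real X.509 certificate).
SAMPLE_ISSUER = "https://idp.example.test/metadata"
SAMPLE_CERT_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_CERT_SHA256 = hashlib.sha256(SAMPLE_CERT_DER).hexdigest()
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0">
  <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
    <ds:Signature><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text, expected_issuer, expected_cert_sha256):
    """Return a list of findings; an empty list means the response matches expectations."""
    root = ET.fromstring(xml_text)
    findings = []
    # An IdP-initiated (unsolicited) response carries no InResponseTo attribute anywhere.
    if any(el.get("InResponseTo") for el in root.iter()):
        findings.append("InResponseTo present: response is SP-initiated, not IdP-initiated")
    # Every Issuer element (Response and Assertion) must equal the configured issuer.
    issuers = {(el.text or "").strip() for el in root.iterfind(".//saml:Issuer", NS)}
    if issuers != {expected_issuer}:
        findings.append(f"issuer mismatch: {sorted(issuers)}")
    # Fingerprint the embedded signing certificate and compare with the configured one.
    certs = root.findall(".//ds:X509Certificate", NS)
    prints = {hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
              for c in certs}
    if prints != {expected_cert_sha256}:
        findings.append("certificate fingerprint mismatch or certificate not embedded")
    return findings


if __name__ == "__main__":
    print(inspect_response(SAMPLE_RESPONSE, SAMPLE_ISSUER, SAMPLE_CERT_SHA256) or "OK")
```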
To update your SSO: