How to configure SAML-based SSO so your team logs into the BRANDED IAM portal using your existing identity provider.
Single Sign-On (SSO) allows your team to access the BRANDED IAM portal using the same credentials they use for everything else in your organization — eliminating separate passwords and centralizing authentication through your identity provider (IdP).
Supported Identity Providers
- Microsoft Entra ID (Azure Active Directory)
- Google Workspace
- Okta
- OneLogin
- Any SAML 2.0-compatible identity provider
Prerequisites
- A verified domain on your portal account (contact your account manager if not set up).
- Admin access to your identity provider.
- A Business or Managed plan — SSO is not available on Starter plans.
Setup Process
- Submit a ticket under Technical & Integrations → SSO Setup specifying which identity provider you use.
- Our team will provide you with the BRANDED IAM SAML metadata URL and SP entity ID.
- Configure a new SAML application in your identity provider using these values and send us your IdP metadata URL.
- We complete the configuration on our end and enable SSO for your domain.
- Test with a non-admin account before rolling out to your team.
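Before entering the values from the setup steps above into your IdP, it helps to check the SP metadata document itself. The Python below is an added example, not BRANDED IAM tooling: the sample metadata, the portal.example.com entity ID and ACS URL, and the function name read_sp_metadata are constructed placeholders, and it assumes you have already downloaded the metadata from the URL our team sent you.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; the entity ID and URLs are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://portal.example.com/saml/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://portal.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text, expected_entity_id):
    """Return the values to enter in the IdP and a list of problems found."""
    # SAML metadata never needs a DTD; refuse it before the parser sees it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    # Only HTTP-POST assertion consumer endpoints are collected here.
    acs = [e.get("Location") or "" for e in sp.findall(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    problems = []
    if root.get("entityID") != expected_entity_id:
        problems.append("entityID does not match the value from the ticket")
    if not acs:
        problems.append("no HTTP-POST AssertionConsumerService")
    problems += [f"ACS URL is not https: {u}" for u in acs if not u.startswith("https://")]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("SP does not require signed assertions")
    values = {
        "entity_id": root.get("entityID"),
        "acs_urls": acs,
        "name_id_formats": [(e.text or "").strip() for e in sp.findall(f"{{{MD}}}NameIDFormat")],
    }
    return values, problems
```

An empty problems list means the entity ID matches what you were given and the assertion endpoint is HTTPS; anything else is worth raising on the ticket before you finish the IdP configuration.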
After SSO Is Enabled
Team members who log in with an email address from your domain will be redirected to your identity provider for authentication. New employees added in your IdP automatically get portal access at their assigned role level. Employees removed from your IdP lose portal access within the next sync cycle (typically 1 hour).