All Collections
FAQ
General
SSO
SSO (Single Sign-On)
SSO (Single Sign-On)

Enable Single Sign-On to allow your team to login to Iterate using your existing Identity Provider (IdP)

Updated over a week ago

As your organization grows, managing multiple login credentials across various platforms can become cumbersome. Single Sign-On (SSO) offers a streamlined solution, enabling team members to access Iterate using their existing credentials from their Identify Provider (IdP). This guide will walk you through the process of enabling SSO for your team and migrating existing users.

Our Large and Enterprise plans allow you to enable SSO for your organization.

Enabling SSO for Your Team

1. Reach Out to Support

To begin the process of enabling SSO for Iterate, the first step is to reach out to the Iterate support team using live chat on your Iterate dashboard.

2. Selecting an Identity Provider

Next, you must choose an Identity Provider (IdP) to handle the authentication process. Iterate currently supports four popular IDPs: Azure Active Directory, Okta, Google, and ForgeRock. If you wish to use a different IDP, kindly request support to add it to the list of supported providers.

3. Follow these additional steps for your specific SSO provider

Azure Active Directory

There are no additional steps required. When you connect your account to SSO (see below), you will be prompted to approve the Iterate app, which will automatically add an instance of the Iterate application into your directory.

Okta

Follow the instructions here to complete the configuration:

Google Workspace

Follow the instructions here to complete the configuration:

ForgeRock

You'll need to input your Client ID, Client Secret, and Provider URL. The Provider URL is the URL where we can find your OIDC Connect Discover well-known URL. For example if your well-known URL is: https://server.com/example/.well-known/openid-configuration then you should enter https://server.com/example as the Provider URL.

4. Optional: Requiring SSO

You have the option to make SSO mandatory for all team members. When SSO is required, users can no longer log in using an email and password; instead, they must authenticate through the chosen IdP.

Connecting Your Account to SSO

Now that you've enabled SSO, you can go to the 'Personal' section of your settings page and see a button to log in with your SSO provider. Once complete, your account will be associated with your account, and you can log in using SSO.

Logging in with SSO

Once you've connected your account to SSO, when you go to the login page, select "Single Sign-on" and enter your email address. You'll be redirected to your SSO provider to complete the login flow.

Migrating Users to SSO

If you already have team members who currently log in to Iterate using their email addresses and password, you can seamlessly migrate them to the new SSO method. The migration process is as follows:

With SSO Required

For companies who make SSO required, the next time their team members attempt to log in to Iterate, they will be prompted with a notice informing them of the change. An email will also be sent, guiding them through the process of connecting their Iterate account with the SSO Identity Provider.

With SSO Optional

For companies that don't require SSO, team members can proactively adopt SSO. After enabling SSO, these users can navigate to their account settings page to connect their account to the designated Identity Provider. Once successfully connected, they will have the option to log in to Iterate using SSO.

Did this answer your question?