As your organization grows, managing multiple login credentials across various platforms can become cumbersome. Single Sign-On (SSO) offers a streamlined solution, enabling team members to access Iterate using their existing credentials from their Identify Provider (IdP). This guide will walk you through the process of enabling SSO for your team and migrating existing users.

Our Large and Enterprise plans allow you to enable SSO for your organization.

1. Reach Out to Support

To begin the process of enabling SSO for Iterate, the first step is to reach out to the Iterate support team using live chat on your Iterate dashboard.

2. Selecting an Identity Provider

Next, you must choose an Identity Provider (IdP) to handle authentication. Iterate supports any provider that uses the OpenID Connect (OIDC) or SAML 2.0 standards. Common options include Google Workspace, Microsoft Entra ID (formerly Azure Active Directory), and Okta.

If your organization uses a different IdP that supports these standards, it will work with Iterate as well.

3. Follow these additional steps for your specific SSO provider

Google Workspace

Follow the instructions here to complete the configuration:

Microsoft Entra ID (formerly Azure Active Directory)

There are no additional steps required. When you connect your account to SSO (see below), you will be prompted to approve the Iterate app, which will automatically add an instance of the Iterate application into your directory.

Okta

Follow the instructions here to complete the configuration:

Other SSO Provider

You'll need to input your Client ID, Client Secret, and Provider URL. The Provider URL is the URL where we can find your OIDC Connect Discover well-known URL. For example if your well-known URL is: https://server.com/example/.well-known/openid-configuration then you should enter https://server.com/example as the Provider URL.

4. Optional: Requiring SSO

You have the option to make SSO mandatory for all team members. When SSO is required, users can no longer log in using an email and password; instead, they must authenticate through the chosen IdP.

Now that you've enabled SSO, you can go to the 'Personal' section of your settings page and see a button to log in with your SSO provider. Once complete, your account will be associated with your account, and you can log in using SSO.

Once you've connected your account to SSO, when you go to the login page, select "Single Sign-on" and enter your email address. You'll be redirected to your SSO provider to complete the login flow.

If you already have team members who currently log in to Iterate using their email addresses and password, you can seamlessly migrate them to the new SSO method. The migration process is as follows:

With SSO Required

For companies who make SSO required, the next time their team members attempt to log in to Iterate, they will be prompted with a notice informing them of the change. An email will also be sent, guiding them through the process of connecting their Iterate account with the SSO Identity Provider.

With SSO Optional

For companies that don't require SSO, team members can proactively adopt SSO. After enabling SSO, these users can navigate to their account settings page to connect their account to the designated Identity Provider. Once successfully connected, they will have the option to log in to Iterate using SSO.