Single Sign-On (SSO)
Overview
You can configure your Sifflet account to allow users to sign in using Single Sign-On (SSO) in order to reduce password fatigue and secure accesses.
Set Up SSO
Sifflet supports SAML2-based SSO for the below Identity Providers (IdPs):
- Okta
- Azure Active Directory
- Other SAML2-based IdPs such as ForgeRock, etc.
Supported IdPs
Supported Sign In Methods
Sifflet supports Service-Provider-Initiated (SP-Initiated) SSO: the sign in process starts on Sifflet login page.
User Provisioning
You can leverage Just-in-Time (JiT) user provisioning to have users be automatically provisioned as they sign in for the first time to Sifflet. Permissions of users created through SSO JiT default to:
Viewersystem roleAlldomain with theViewerdomain role
JiT user provisioning is by default turned on but you can turn it off if you want to make sure that only a specific subset of users can access your Sifflet account.
JiT User Provisioning Setting
Note: If a user was created before their first time logging in with SSO on a tenant with JiT enabled, the user will keep their original permissions and won't inherit JiT default permissions after their first SSO log in.
Updated about 23 hours ago