Single Sign-On (SSO)

Overview

You can configure your Sifflet account to allow users to sign in using Single Sign-On (SSO), which reduces password fatigue and secures access.

Set Up SSO

Sifflet supports SAML2-based SSO for the following Identity Providers (IdPs):

Supported IdPs

Supported Sign In Methods

Sifflet supports Service-Provider-Initiated (SP-Initiated) SSO: the sign-in process starts on the Sifflet login page.

User Provisioning

You can use Just-In-Time (JIT) user provisioning to have users automatically provisioned the first time they sign in to Sifflet.

JIT user provisioning is turned on by default, but you can turn it off if you want to make sure that only a specific subset of users can access your Sifflet account.

JIT User Provisioning Setting

Note: If a user was created before their first time logging in with SSO on a tenant with JIT enabled, the user will keep their original permissions and won't inherit JIT default permissions after their first SSO login.

Default permissions for JIT users

By default, JIT-created users are granted these permissions: System Viewer and Domain Viewer on the All domain.

These permissions can be customized however you see fit.

Note: If you don't want users to access any assets after their JIT-based creation, you can create an empty domain and use it in the default permissions of JIT users.

Alternate Authentication Method

Tick the Allow email/password authentication checkbox to allow users to log in to Sifflet through Single Sign-On (SSO) or username/password.

This setting allows all users with a password to log in to Sifflet through a username/password combination. This covers both users whose password was created before this setting was turned on and users whose password was created after it was turned on.

Users who didn't have their password created by a user or access token with Admin permissions won't be able to log in through username/password.

Note: To create a password for a user, use the reset password feature in the UI or via the API.

Example Login Page With an Activated “Alternate Authentication Method” Setting