Single Sign-on
This feature is available to Enterprise customers.
Single sign-on (SSO) allows you to use your own provider of user account management, authentication, and authorization services to register and log in to .
supports the following protocols:
- Open ID Connect (OIDC)
- SAML 2
supports the following identity providers (IdPs):
You configure SSO for each of your organizations separately.
You can prevent your organization members from accidentally creating their own self-service accounts by claiming a domain. After you set up SSO, claim your email domain so can recognize your new users. Any new user who signs in with your claimed email domain gets a prompt to use SSO.
Double-check your SSO configuration before you click Save on the SSO settings page. When you click Save, enables SSO with the settings you provided. You will be logged out immediately. You won't be able to log in with your credentials anymore.
Click Organization in the left sidebar.
Click the SSO tab.
Click SSO configuration.
Enter a Namespace. You can enter any text that describes your organization. Users will need to enter your organization's namespace on the SSO login page. Namespace must include only lowercase characters and dashes.
Select an SSO type.
Fill in the protocol-specific information as described in either the Open ID Connect or SAML section of this article.
Under Team provisioning for new user, select which teams new users who log in will become members of. You can choose to not add new users to any team.

Click Save.
enables SSO with the settings you provided and logs you out immediately. You can now log in with your SSO provider credentials. At the same time, you receive an email with a one-time link, which you can click to disable SSO.
When logging in using SSO for the first time, you must use an account that is the owner of the organization and has the same email address as the account that you used to configure SSO. Make sure that you assign the same email address to the user in your identity provider.
When is configured to use SSO, users don't use the default sign-in form. Instead, they use the dedicated SSO sign-in options.
- Click Sign in with SSO.
- Enter the namespace you chose for your organization.
- Log in using your identity provider and consent to 's access to your user data.
The user is now logged in. If the user was not assigned to your organization before, the system creates a new user account for them and assigns them to the selected default team.
If a user with the same email address already existed in the organization before you configure SSO, they will not have access to the organization's data. To solve this, delete the user from the organization and ask them to log in again using SSO.