Manage single sign-on (SSO) login settings
Learn how to manage single sign-on (SSO) login settings for your SafetyCulture organization.
What single sign-on (SSO) settings are available?
You can manage single sign-on settings to tailor the SafetyCulture authentication flow to your organization and shape how your users log in to the platform.
Login type
The login type setting controls whether your users can use their own SafetyCulture account password or can only log in via SSO.
Allow SSO and native login: This setting allows users to choose between logging in with their SSO account or their SafetyCulture account password.
Allow SSO login only: This setting allows users to log in using their SSO account only. If a user is only in one organization, they'll be taken directly to their SSO portal after entering their account email.
Enforce SSO for named domains: This setting combines the two other settings based on a user's account email.
If a user's email domain matches the ones configured for their organization's SSO connection, they can only log in using their SSO account.
If a user's email domain doesn't match the ones configured for their organization's SSO connection, they can log in using their password and still have the option of using their SSO account if it applies to them.
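To see which accounts would keep password login under each login type, you can model the rules above against a list of account emails. The following is an added example, not SafetyCulture code; the function names, the sample emails and domains, and the exact-match rule for domains are assumptions.

```python
from enum import Enum


class LoginType(Enum):
    SSO_AND_NATIVE = "Allow SSO and native login"
    SSO_ONLY = "Allow SSO login only"
    ENFORCE_NAMED_DOMAINS = "Enforce SSO for named domains"


def normalize_domain(domain: str) -> str:
    return domain.strip().lower().rstrip(".")


def email_domain(email: str) -> str:
    """Return the normalized domain after the last '@' of an account email."""
    local, sep, domain = email.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not an account email: {email!r}")
    return normalize_domain(domain)


def password_allowed(login_type: LoginType, email: str, sso_domains) -> bool:
    """True if this account could still log in with its password."""
    if login_type is LoginType.SSO_ONLY:
        return False
    if login_type is LoginType.SSO_AND_NATIVE:
        return True
    # Enforce SSO for named domains. Assumption: a domain matches only when it
    # equals a configured domain exactly, so subdomains and look-alike
    # suffixes do not match unless they are configured themselves.
    configured = {normalize_domain(d) for d in sso_domains}
    return email_domain(email) not in configured


def password_capable(login_type: LoginType, emails, sso_domains) -> list:
    """Accounts to review: those that keep password login under the setting."""
    return sorted(e for e in emails if password_allowed(login_type, e, sso_domains))


# Constructed sample data, not taken from any real organization.
SSO_DOMAINS = ["example.com"]
USERS = ["amy@example.com", "Bob@EXAMPLE.com", "contractor@partner.example",
         "lee@notexample.com", "sam@sub.example.com"]

if __name__ == "__main__":
    for setting in LoginType:
        print(f"{setting.value}: {password_capable(setting, USERS, SSO_DOMAINS)}")
```

Accounts listed for "Enforce SSO for named domains" are the ones whose email domain is not configured for the SSO connection, which makes them the accounts to check for password strength and offboarding coverage.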
IdP-initiated login
The IdP-initiated login setting controls whether your users can log in to SafetyCulture from your SSO portal. Please note that some identity providers might not support this login method.
When turned on: Users can log in to their SSO portal first, then open SafetyCulture from the portal and log in at the same time.
When turned off: Users can only log in directly from SafetyCulture.
What you'll need
Manage SSO login type
Click your organization name in the lower-left corner of the page and select Organization settings.
Select Security at the top of the page.
Click Edit in the "Single sign-on (SSO)" box.
Click the dropdown menu for "Login type" and select one of the options accordingly.
Click Save changes.
Turn IdP-initiated login on or off
Click your organization name in the lower-left corner of the page and select Organization settings.
Select Security at the top of the page.
Click Edit in the "Single sign-on (SSO)" box.
Turn "IdP-initiated login" on or off accordingly.
Click Save changes.
We advise against turning "IdP-initiated login" on as it may pose security risks.
Frequently asked questions
Yes, you can do so by updating your organization's SSO login type setting to "Enforce SSO for named domains". Once selected, the setting will enforce SSO login based on a user's account email.
If a user's email domain matches the ones configured for their organization's SSO connection, they can only log in using their SSO account.
If a user's email domain doesn't match the ones configured for their organization's SSO connection, they can log in using their password and still have the option of using their SSO account if it applies to them.