Single Sign-On (SSO) is an alternative to using the native piplanning.io Username + Password credentials for user authentication. piplanning.io supports the following protocols for SSO:
OIDC: Open ID Connect
SAML: Security Assertion Markup Language
Enabling Single Sign-On
Navigate to: RTE Cockpit > SSO
Select the button for the corresponding protocol you wish to configure
For SAML - please activate SSO and then contact us to finalize the setup...
For OIDC - please follow the instructions related to your Identify Provider (IdP) in the linked articles below
ℹ️ SSO is available on the Premium or Enterprise pricing plans. Please contact us by either using the chat/messenger bot or emailing us at [email protected] if you wish to have SSO enabled.
SSO Authentication Only
To strictly use SSO only for User authentication, and prevent Users from using their native piplanning.io credentials; simply check the checkbox ☑️Prevent credential login / SSO only at the bottom of the SSO page.
IMPORTANT: You can potentially lock yourself out of piplanning.io. After this setting is enabled, if SSO is not responding no user will be able to login. If you get to this point where you are not able to login to the RTE Cockpit > SSO page and revert this setting the please do either of the following:
piplanning.io Cloud customers can contact us to assist with restoring access.
piplanning.io On-premise customers, you need to follow custom instructions to gain access to piplanning.io by authenticating with the SSO/IdP.
In either case, please reach out to us over via the Chat/Messenger bot or by emailing [email protected].
Creating New Users when SSO is Enabled: Onboarding Users
Note: with SSO enabled, the User authentication tasks will now be performed by the Identity Provider (IdP) that is connected.
This authentication step will need to happen when onboarding new Users into piplanning.io. Below is information to help you manage new User onboarding when SSO is enabled:
On the RTE Cockpit > Users page, the Create new User button will disappear
You can onboard new Users in 2x ways:
Invite them to be a member of a Team by editing the Team and adding their email address to the Add members > Invite new field on the Team page. An outline of the steps involved in this workflow, and how the User will be engaged are outline in this Help Article: User Onboarding.
Sharing the direct link to your organizations piplanning.io instance which is available on the Users page.
1. When SSO is enabled invite new Users to the Team they belong too via email.
2. Alternative method: share the direct link with new Users. They click the link, are then redirected to SSO for authentication, and once that is successful their new User account will be created.