Skip to main content
All CollectionsRTE CockpitSetup Single-Sign On (SSO)
Single Sign-On (SSO): Getting Started
Single Sign-On (SSO): Getting Started

Improve the security and convenience of User authentication by setting up SSO using either the SAML or OIDC protocols

Updated over a week ago

Single Sign-On (SSO) is an alternative to using the native piplanning.io Username + Password credentials for user authentication. piplanning.io supports the following protocols for SSO:

  • OIDC: Open ID Connect

  • SAML: Security Assertion Markup Language

Enabling Single Sign-On

  1. Navigate to: RTE Cockpit > SSO

  2. Select the button for the corresponding protocol you wish to configure

    1. For SAML - please activate SSO and then contact us to finalize the setup...

    2. For OIDC - please follow the instructions related to your Identify Provider (IdP) in the linked articles below

ℹ️ SSO is available on the Premium or Enterprise pricing plans. Please contact us by either using the chat/messenger bot or emailing us at [email protected] if you wish to have SSO enabled.

SSO Authentication Only

To strictly use SSO only for User authentication, and prevent Users from using their native piplanning.io credentials; simply check the checkbox ☑️Prevent credential login / SSO only at the bottom of the SSO page.

Prevent piplanning.io Credential Login. Enforce SSO only authentication.

IMPORTANT: You can potentially lock yourself out of piplanning.io. After this setting is enabled, if SSO is not responding no user will be able to login. If you get to this point where you are not able to login to the RTE Cockpit > SSO page and revert this setting the please do either of the following:

  • piplanning.io Cloud customers can contact us to assist with restoring access.

  • piplanning.io On-premise customers, you need to follow custom instructions to gain access to piplanning.io by authenticating with the SSO/IdP.

In either case, please reach out to us over via the Chat/Messenger bot or by emailing [email protected].

Creating New Users when SSO is Enabled: Onboarding Users

Note: with SSO enabled, the User authentication tasks will now be performed by the Identity Provider (IdP) that is connected.

This authentication step will need to happen when onboarding new Users into piplanning.io. Below is information to help you manage new User onboarding when SSO is enabled:

  • On the RTE Cockpit > Users page, the Create new User button will disappear

  • You can onboard new Users in 2x ways:

    1. Invite them to be a member of a Team by editing the Team and adding their email address to the Add members > Invite new field on the Team page. An outline of the steps involved in this workflow, and how the User will be engaged are outline in this Help Article: User Onboarding.

    2. Sharing the direct link to your organizations piplanning.io instance which is available on the Users page.

Onboard new Users via the Add members, Invite new input field on the Team page.

1. When SSO is enabled invite new Users to the Team they belong too via email.

2. Alternative method: share the direct link with new Users. They click the link, are then redirected to SSO for authentication, and once that is successful their new User account will be created.

Related Articles
PI Sessions - Getting Started
Managing Users
Map IdP Groups to piplanning.io Teams
Azure AD Integration
SSO using Okta
Did this answer your question?