Single sign-on
Single sign-on (SSO) authentication allows users to authenticate via their organization's third-party identity provider (IdP) and gain access to a different system by providing proof of their authentication.
For you, this means that you can delegate Dashboard team management, account creation, and authentication to a third-party IdP.
You can use any identity provider to enable SSO with Dashboard, as long as they support Security Assertion Markup Language 2.0 (SAML).
We recommend single sign-on as the default approach to Dashboard team management.
Information
To learn more, reach out to your Account Manager or [email protected].
You can use SSO to:
- Sign in to Dashboard directly through your SSO platform's portal.
- Grant, update, and revoke your team's Dashboard access.
- Mandate your organization's security policies, such as multi-factor authentication, password policies, and account recovery procedures.
Enabling SSO authentication in Dashboard can simplify user management, as user access and permissions are granted or revoked automatically based on the user's identity and assigned groups in your SSO platform.
In addition, as you can mandate and enforce authentication standards directly from the SSO platform, you can increase security around your Dashboard access.
There are some limitations to be aware of if you decide to enable SSO for the Dashboard:
Because the Dashboard relies on the SSO service to grant user access and role information during authentication, the Dashboard is unaware of any changes in a user's permissions until they try to sign in. If a user's access is revoked via SSO, this change doesn't appear in the Dashboard UI until the user attempts to sign in again, or until an administrator manually removes that user using the Dashboard UI. This limitation only affects the UI. Users with revoked access in your IdP can never access the Dashboard.
System for Cross-domain Identity Management (SCIM) protocol, used to synchronize user identity details and permissions with applications, is not supported.