Skip to content

Single sign-on

Last updated: September 07, 2022

Single sign-on (SSO) authentication allows users to authenticate via their organization's third-party identity provider (IdP) and gain access to a different system by providing proof of their authentication.

For you, this means that you can delegate Dashboard team management, account creation, and authentication to a third-party IdP.

You can use any identity provider to enable SSO with Dashboard, as long as they support Security Assertion Markup Language 2.0 (SAML).

We recommend single sign-on as the default approach to Dashboard team management.

To learn more, reach out to your Customer Success Manager or support@checkout.com.


Supported features

You can use SSO to:

  • Sign in to Dashboard directly through your SSO platform's portal.
  • Grant, update, and revoke your team's Dashboard access.
  • Mandate your organization's security policies, such as multi-factor authentication, password policies, and account recovery procedures.

Benefits

Enabling SSO authentication in Dashboard can simplify user management, as user access and permissions are granted or revoked automatically based on the user's identity and assigned groups in your SSO platform.

In addition, as you can mandate and enforce authentication standards directly from the SSO platform, you can increase security around your Dashboard access.


Limitations

There are some limitations to be aware of if you decide to enable SSO for Dashboard.

Dashboard relies on the SSO service to provide user access and role information during authentication, meaning Dashboard is unaware of any changes in a user's permissions until they attempt to log in.

If a user's access is revoked via SSO, this will not be reflected in the Dashboard UI until a login attempt is made. This solely affects the UI, at no point will a user with access revoked within your IdP be able to access Dashboard.

System for Cross-domain Identity Management (SCIM) protocol, used to synchronize user identity details and permissions with applications, is not currently supported.