Requirements for SSO
- Your workspace must be on a Business plan
- If using SAML, your Identity Provider must support SAML 2.0
- Only workspace admins and owners can configure SSO
- Your workspace admin or owner must verify ownership of the SSO email domain
The below content is for workspace admins and owners. Only workspace admins and owners have access to add verified domains, set up SSO, and configure workspace login methods.
Verifying your Email Domain
In order to configure SAML SSO for your workspace, you first need to verify ownership of the email domain. If configuring Google OAuth (not SAML), you can skip this section. Refer to the guide here to verify your email domain.Setting up SSO
Navigate to the Authentication section in your workspace settings to get started.SAML SSO
- First, make sure you’ve verified the domain(s) you intend to use for SSO (see above)
- Click the Enable SSO toggle and select SAML
- If setting up SAML SSO, you’ll need to enter a metadata URL, which contains all the necessary configuration for Pipedream. Refer to the provider-specific docs for the detailed walk-through (Okta, Google Workspace, any other SAML provider).
- Click Save
Google OAuth
- Click the Enable SSO toggle and select Google
- Enter the domain that you use with Google OAuth. For example,
vandalayindustries.com - Click Save
Restricting Login Methods
Once you’ve configured SSO for your workspace, you can restrict the allowed login methods for non-workspace owners.
| Login Method | Description |
|---|---|
| Any login method | Everyone in the workspace can sign in either using SSO or via the login method they used to create their account (email and password, Google OAuth, GitHub) |
| SSO only | Workspace members and admins must sign in using SSO |
| SSO with guests | When siging in using a verified email domain, members and admins must sign in using SSO. If signing in with a different domain (gmail.com for example), members (guests) can sign in using any login method. |