Single Sign-On (SSO) Setup

Configure SAML-based SSO to allow team members to authenticate using your organization's identity provider.

Enterprise Feature

SSO is available on Enterprise plans. Contact sales for details.

Supported Providers

• Okta
• Azure Active Directory
• Google Workspace
• OneLogin
• Any SAML 2.0 compatible provider

General Setup Steps

1. Go to Settings > SSO Configuration
2. Note the ACS URL and Entity ID provided by SureStage
3. In your IdP, create a new SAML application using these values
4. Copy the IdP Metadata URL (or upload the metadata XML) back to SureStage
5. Map the required attributes:
   • email (required)
   • firstName (optional)
   • lastName (optional)
6. Click Test Connection
7. Once verified, click Enable SSO

Enforcement

Optionally enforce SSO for all members:

• Optional - Members can use SSO or email/password
• Required - All members must use SSO (email/password disabled)

Provider-Specific Guides

Okta

1. Create a new SAML 2.0 application in Okta admin
2. Set the Single Sign-On URL to your SureStage ACS URL
3. Set the Audience URI to your SureStage Entity ID
4. Configure attribute statements for email, firstName, lastName
5. Assign users/groups to the application

Azure AD

1. In Azure Portal, go to Enterprise Applications > New Application
2. Create a custom SAML application
3. Set the Identifier and Reply URL from SureStage settings
4. Configure user attributes and claims
5. Assign users/groups

Next Steps

• SCIM Provisioning - Automate user provisioning alongside SSO
• Troubleshooting: SSO - Fix SSO configuration issues