Use this page to walk through setting up single sign-on for your organization so people log in through your identity provider with the correct verification steps.
Get ready
- Decide whether you will connect Azure AD, Okta, OneLogin, PingIdentity, or any SAML 2.0 IdP.
- Gather your IdP metadata/XML, certificates, and the username/email attribute Sizemotion should trust.
- Plan a staging run with a small pilot group so you can verify assertions before rolling to the whole company.
Connect your IdP
- Visit Settings → SSO Config, click “Add Identity Provider,” and paste the IdP metadata or upload the XML file.
- Set the display name, select your username/email attribute, and pin the signing certificate. Our UI highlights whether the metadata requires updates.
- Use the “Staging” toggle to test logins; once success is confirmed, promote the configuration to “Active” so all users are redirected to the IdP.
- You can save multiple IdP profiles for dev/test vs production without reissuing metadata; swap them via the promoted dropdown without disrupting live users.
Maintain trust
- Rotate certificates by uploading the new public key before the existing one expires and test under the staging profile.
- Review the attribute mapping section to ensure Sizemotion still receives email, groups, and other claims after IdP schema changes.
- Enable SCIM provisioning to automate user and group lifecycle, and monitor the events feed for sync warnings.
- Apply additional guardrails like enforcing MFA through the IdP, requiring specific group membership, and pairing with IP restrictions from Account Settings.
Support & troubleshooting
- Export SSO audit logs anytime from Settings → SSO Config to share with your security team if there are failed handshake attempts.
- Reach out to Sizemotion support with the IdP metadata and error trace if users see redirect loops or attribute mismatches.
- When a role needs access to manage SSO, just grant the “SSO Config” privilege so operators can update certs without touching other admin flows.