Set up SSO for your organization

Single sign-on (SSO) enables access to your Redox dashboard account using a third-party identity provider, allowing you to control user access policies via a central resource for your organization. Redox supports identity providers compatible with the SAML protocol.

With SSO, a user from your organization enters their email on the dashboard login page, which then redirects them to your identity provider for authentication. If successfully authenticated, they are redirected back to the dashboard as a logged-in user.

Only for Standard or above users

For our Basic plan customers, SSO isn't available. Talk to a Redoxer if you're interested in upgrading to take advantage of SSO.

For our Standard (and above) plan customers, SSO is enabled by default. But SSO is only available to dashboard users that belong to one dashboard organization. If your organization has users that are part of multiple organizations, they must remove themselves or transfer access to a different Redox account before using SSO.

Configuring in the dashboard

For Standard (and above) customers, an organization owner can follow these steps to turn on SSO:

  1. Log in to the dashboard.
  2. On the navigation menu, your username displays at the bottom. Click your username for the user menu to appear.
  3. From the user menu, select the Organization Profile option.
    Organization Profile option of the user menu
  4. By default, the Organization Info page displays. Click the Settings tab.
  5. The page opens with the organization settings. Under the Single Sign-On section, toggle the SSO option to Enabled.
    SSO enabled for your organization

    For non-organization owners

    If you're not an organization owner, the toggle option won't be available. Instead, the Single Sign-On section displays a warning that says you must be an organization owner to manage SSO.

  6. More fields appear for you to populate details about your identity provider (IDP). Specific configuration details vary between IDPs, but the basic process is the same. Enter the following values from your IDP into the appropriate fields:
    IDP fields
    1. Identity provider section
      1. Name: The name of your IDP.
      2. Domain name: Your company domain where your organization's users have an email account.
      3. SAML metadata URL: The public URL that points to your SAML metadata XML document, which should include the entity ID and keys to use when validating the response from the IDP.
    2. Attribute mapping section
      1. User full name: The label that your IDP uses for a user's name.
      2. User email: The label that your IDP uses for a user's email address.
  7. Once you populate the fields in step #6, click the Save button.
  8. After saving successfully in the dashboard, you must refer to your IDP for instructions on how to configure the SAML protocol from their end.

    IDP instructions

    Check out the instructions we have for configuring the SAML protocol for common IDPs after this section.

  9. Once both parties are enabled and setup is successful, all users must log in via SSO going forward. Previous username and password credentials no longer work.

After SSO is enabled, any new user who successfully authenticates via your identity provider is added to your organization. Existing users of your organization may not join another Redox organization.

Lastly, keep in mind that user access may be revoked from your identity provider.

Configuring SAML protocol

Follow the instructions for your given IDP to enable SSO. For your convenience, we have instructions for the following IDPs.