Which Identity Providers (IdPs) does Spreedly support?
Spreedly offers single sign-on (SSO) leveraging Auth0’s enterprise authentication connections. We officially support the SAML and OpenID Connect (OIDC) specifications on Okta or Azure Active Directory. Once enabled, your Spreedly users can access their Spreedly Dashboard and Spreedly ID Admin portal by authenticating to your identity provider (IdP).
Note: SSO is currently enabled by our team. Please reach out to firstname.lastname@example.org with your request before following the preparation steps outlined below.
What should I have prepared to enable an IdP connection?
While specific instructions for your unique IdP will differ, they all follow a similar pattern. Your security or IT team may be able to help.
There are a few steps you can take to prepare for SSO enablement:
- Create a new application or client for Spreedly in your IdP portal
- When asked, use https://auth.spreedly.com/login/callback as the login callback URL
- Make note of any Client IDs and Secrets; we’ll need those.
- If your IdP provides you with one, we may need the client certificate file (XEM or PEM usually).
- Determine the email domain(s) you would like this SSO enabled for, e.g., “@mycompany.com”
How long does it take to enable SSO?
If the above information is available and your IdP client has been created, we should have SSO enabled in well under an hour.
What is the impact of SSO on my existing Spreedly integration?
Enabling SSO will not impact your Spreedly integration or API access in any way, as it only includes authentication for Spreedly’s web interfaces used for configuration and reporting.
Is there a way to test this in a non-Production environment?
To test SSO on non-production users, we suggest using an alternative email domain for testing. For example, test with email@example.com before enabling SSO in production for all users with an email address ending in @mycompany.com.
Is there a fallback if users cannot log in with our IdP?
If there are errors logging in with your IdP, we can temporarily disable SSO before investigating the issue, which would retain access for any user who had a password set up prior to SSO enablement. Users provisioned after SSO would be prompted to change their password.
Can users be provisioned/removed through the IdP?
Users cannot be provisioned or have their access revoked through your IdP. An existing Spreedly administrator needs to invite new users and remove users from their Organizations. However, if a user loses access to your IdP, they will also lose access to Spreedly applications.
Can user roles be modified through the IdP?
Updates to roles and permissions must be made in the Spreedly application and will not be reflected in the IdP.