Configure multiple SSO connections

  • Updated

Opti ID lets you configure up to five single sign-on (SSO) connections for your organization. When configuring multiple SSO connections, they can each use different authentication protocols and identity providers (IdP):

  • Available authentication protocols – Security Assertion Markup Language (SAML) and OpenID Connect (OIDC)
  • Available identity providers – Entra ID, Okta. PingOne

For each SSO connection, you can also:

Whether you configure one SSO connection or five SSO connections, that forces all your users to log in using SSO.

Removing all your configured SSO connections switches your organization (and all your users) to local login. When that happens, Opti ID sends activation emails to your users so that they can activate their local account, which includes setting up a password.

Add SSO connections

See the following documentation to configure an SSO connection using SAML or OIDC with your preferred IdP. You can repeat the steps in each article to create up to five additional SSO connections.

As described in those articles, you must enter a name for each SSO connection that will display to users when they log in. This name helps users select the correct SSO connection for their login. All of your configured SSO connections display on the Opti ID login page for all of your organization's users; each user must select the SSO connection that applies to them.

Ensure all your SSO connections are configured correctly and are functional so that all users within your organization can access Optimizely.

The image below shows how the login page displays to users if your organization has two SSO connections configured; one named acme.com and the other named gov.acme.com.

Use cases

The following are some use cases for configuring multiple SSO connections.

Users are segmented across domains and SSO logins

For example, customer Acme (acme.com) has a sub-company (gov.acme.com) that deals with sensitive government contracts, and those users need to log in with higher security measures. To enable this, you can set up two separate SSO connections; one to handle the general acme.com users and one to handle the gov.acme.com users.

You need to make changes to your existing SSO connection

If you updated your organization's SSO configuration or created an SSO connection with an error, it is a good idea to create a new SSO connection in Opti ID first with the updated information before removing the old connection. This prevents users from converting to local login and receiving activation emails from Opti ID.