Skip to main content

Articles in Section

See more

SSO: Single sign-on

  • Updated
This topic describes how to:
  • Activate single sign-on (SSO)
  • Frequently asked questions on SSO

Optimizely lets you implement Single Sign-On (SSO) through SAML 2.0, an open standard data format for exchanging authentication and authorization information. This allows your team to log in to Optimizely using their existing corporate credentials. SSO is an account-level feature that will apply across all projects and experiments.

Optimizely SSO is available for any SSO provider that supports the SAML 2.0 protocol. For example Okta, Google Workspace and Azure AD.

Activating SSO

To activate SSO, contact support and lets us know you want to enable SSO and what SSO provider you are interested in implementing. This will start the setup process.

Once SSO is enabled, all users will have to log in via SSO. The ability to log in with an email and password will be disabled.

Accessing SSO settings

In Optimizely, navigate to Account Settings > Security and Privacy

If you do not have Single Sign-on enabled you will see instructions on how to enable SSO:

enable_sso.png

If SSO is enabled for your account, you will see a checkbox to enable single sign-on:

sso.png

SSO login

If you already have enabled SSO in Optimizely, follow these steps to sign in to your Optimizely account: 

  1. From the sign-in page, click Log in using SSO.

    login_sso.png
  2. You will be redirected to the SSO page, where you will enter an Optimizely-recognized email address, which is authenticated by your Identity Provider.
  3. If your email is recognized as a user with an SSO who has permissions on any account, you will be challenged for your credentials by your Identity Provider. This step is skipped if you already have a session open. 

Additional SSO identity providers

Accounts can also have up to 2 additional Identity Providers tied to an account. Contact support if you would like to add additional SSO identity providers.

 

FAQ

What can I do if Optimizely’s SSO is not working?
Please contact your Optimizely account administrator to file a support ticket with Optimizely and disable SSO on your account settings page.
 
What can I do if my Identity Provider goes down?
Please contact your Optimizely account administrator to file a support ticket with Optimizely and disable SSO on your account settings page.
 
How long do SSO-based sessions last?
The SSO session will expire after 4 hours of inactivity and has a maximum length of 7 days.
 
Can I sign in using my regular password?
No. Once SSO is enabled, the ability to log in using your password will be disabled for security reasons.
 
How do I log in to my non-SSO accounts?
To log into a non-SSO account, sign in with your email and password on Optimizely.com, and you will be logged into a non-SSO account that you have access to. You can switch to any other non-SSO account you have access to. Switching between non-SSO accounts is allowed.
 
Will multi-account login work between non-SSO accounts?
Yes. Switching between non-SSO accounts is allowed.
 
Will multi-account login work between SSO and non-SSO accounts?
No. If you are a collaborator on multiple accounts, switching out of and into an SSO-enabled account will not be allowed for security reasons. To log into a non-SSO account, log out and log in to your non-SSO account by supplying an email and password on optimizely.com.
 
Can I add collaborators who don’t have SSO credentials to my SSO-enabled account?
If you add collaborators who don’t have SSO credentials, they will not be able to log in to the account.
 
How can I provision new users on Optimizely via my IdP?
SSO is only used for authentication. New users will need to be provisioned in Optimizely. See managing collaborators in Optimizely Web for instructions on how to add a new user on Optimizely.
 
Can existing collaborators on my SSO-enabled account access the account if they don’t have SSO access through my organization?
No. Only collaborators with SSO credentials through your organization can access your SSO-enabled account.
 
How do I revoke a user’s access?
On Optimizely.com, you can remove the user as a collaborator. On your end, e.g., for off-boarding, it depends on how you revoke access for a user in your identity provider.
 
Leave a comment

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments