SSO: Single sign-on

  • Updated
Follow
This topic describes how to:
  • Activate single sign-on (SSO)
  • Modify SSO settings for your account

Looking to enable SSO for an Enterprise customer? Contact your friendly local customer success manager who can enable SSO. 

Optimizely lets you implement Single Sign-On (SSO) through SAML 2.0, an open standard data format for exchanging authentication and authorization information. This allows your team to log in to Optimizely using their existing corporate credentials. SSO is an account-level feature that will apply across all projects and experiments.

Optimizely SSO is available for Azure Active Directory (AD). See the detailed tutorial on the Azure AD and Optimizely integration here.

 
Note:

Single Sign-On (SSO) is available only on select packages for Optimizely. If you’re interested in gaining access to this feature, please contact your Customer Success Manager (CSM) or sales@optimizely.com.

Activating SSO

Once SSO is enabled, all users will have to log in via SSO. The ability to log in with an email and password will be disabled.

To access SSO settings, go to Account Settings by logging in to Optimizely.

In Optimizely, navigate to Account Settings> Security and Privacy. You'll need to contact your CSM or support to enable SSO.

sso1.png

SSO login

If you already have enabled SSO in Optimizely, follow these steps to sign in to your Optimizely account: 

  1. From the sign-in page, click Log in using SSO.

    login_sso.png
  2. You’ll be redirected to the SSO page, where you’ll enter an Optimizely-recognized email address, which is authenticated by your Identity Provider.
  3. If your email is recognized as a user with an SSO who has permissions on any account, you will be challenged for your credentials by your Identity Provider. This step is skipped if you already have a session open. 

Additional SSO Identity Providers

Accounts can also have up to 2 additional Identity Providers tied to an account. Users connecting through the additional Identity Providers will need to sign in directly from their Identity Provider. They will not be able to sign in from  https://app.optimizely.com/signin/sso.  

Set up any additional Identity Provider(IdP) in Auth0 and enter the name of the connection under the "Secondary Connection Names" box in the success board.

image.png

FAQ

What can I do if Optimizely’s SSO is not working?
Please contact your Optimizely account administrator to file a support ticket with Optimizely and disable SSO on your account settings page.
 
What can I do if my Identity Provider goes down?
Please contact your Optimizely account administrator to file a support ticket with Optimizely and disable SSO on your account settings page.
 
How long do SSO based sessions last?
The SSO session will expire after 4 hours of inactivity and has a maximum length of 7 days.
 
Can I sign in using my regular password?
No. Once SSO is enabled the ability to log in using your password will be disabled for security reasons.
 
How do I log in to my non-SSO accounts?
To log into a non-SSO account, sign in with your email and password on optimizely.com and you will be logged into a non-SSO account that you have access to. From here, you can switch to any other non-SSO account you have access to. Switching between non-SSO accounts is allowed.
 
Will multi-account login work between non-SSO accounts?
Yes. Switching between non-SSO accounts is allowed.
 
Will multi-account login work between SSO and non-SSO accounts?
No. If you are a collaborator on multiple accounts, switching out of and into an SSO-enabled account will not be allowed for security reasons. To log into a non-SSO account, log out and log in to your non-SSO account by supplying an email and password on optimizely.com.
 
Can I add collaborators who don’t have SSO credentials to my SSO-enabled account?
If you add collaborators who don’t have SSO credentials, they will not be able to log in to the account.
 
How can I provision new users on Optimizely via my IdP?
SSO is only used for authentication. New users will need to be provisioned in Optimizely. See managing collaborators in Optimizely Web for instructions on how to add a new user on Optimizely.
 
Can existing collaborators on my SSO-enabled account access the account if they don’t have SSO access through my organization?
No. Only collaborators with SSO credentials through your organization can access your SSO-enabled account.
 
How do I revoke a user’s access?
On optimizely.com, you can remove the user as a collaborator. On your end, e.g. for off-boarding, it depends on how you revoke access for a user in your identity provider.
 

Comments

0 comments

Please sign in to leave a comment.