Skip to main content

Single Sign-On

Learn how to enable Single Sign-On for your organization.

Important Single Sign-On Information

  • Multi-org support: SSO users part of multiple organizations can log into each organization.
  • Single Sign-On users with username and password: Users that have been configured directly in Coalesce will be able to login with a username/password even if SSO has been enabled so long as their Coalesce-native user record remains active. If you do not wish to allow username/password-based authentication, you will need to disable or delete the users.
  • Provisioned SSO users: Single Sign-On (SSO) provisioned users are created just in time, when the user initiates their initial login to Coalesce via you SSO provider. Users are not pre-provisioned prior to initial login.
  • Multiple records for the same person: While email is used as the unique username for a user within Coalesce, a single email may end up with multiple active user records, each with a unique User ID, within a given Coalesce account. This occurs when a user has been set up directly within Coalesce, as well as provisioned using your single sign-on (SSO) provider. Review Manage Users to see instructions on disabling or deleting extra users.
  • SSO users will need a new token for each new environment created.

Removing SSO

Once SSO has been enabled for an account, there isn't a way to remove SSO. You can change the configuration. Keep in mind, this can have unintended consequences such as locking users out of the account.