Single Sign-On
Learn how to enable Single Sign-On for your organization.
Important Single Sign-On Information
- Multi-org support: SSO users part of multiple organizations can log into each organization.
- Single Sign-On users with username and password: Users that have been configured directly in Coalesce will be able to login with a username/password even if SSO has been enabled so long as their Coalesce-native user record remains active. If you do not wish to allow username/password-based authentication, you will need to disable or delete the users.
- Provisioned SSO users: Single Sign-On (SSO) provisioned users are created just in time, when the user initiates their initial login to Coalesce via you SSO provider. Users are not pre-provisioned prior to initial login.
- Multiple records for the same person: While email is used as the unique username for a user within Coalesce, a single email may end up with multiple active user records, each with a unique User ID, within a given Coalesce account. This occurs when a user has been set up directly within Coalesce, as well as provisioned using your single sign-on (SSO) provider. Review Manage Users to see instructions on disabling or deleting extra users.
- SSO users will need a new token for each new environment created.
Removing SSO
Once SSO has been enabled for an account, there isn't a way to remove SSO. You can change the configuration. Keep in mind, this can have unintended consequences such as locking users out of the account.
📄️ Microsoft Entra ID
Use Microsoft Entra ID to sign into Coalesce
📄️ Ping Identity SSO
In this guide, you’ll learn how to set up Ping Identity authentication in Coalesce.
📄️ Okta SSO
In this guide, you’ll learn how to set up Ping Identity authentication in Coalesce.