Single Sign-On (SSO) allows team members to log into multiple apps with a single entry of login credentials. It also gives company admins better control over user access. Implementing SSO enhances security while providing convenient login experience.
The SSO authentication process involves an Identity Provider — a third-party service that identifies the user and provides authentication services to apps.
Before you start
SSO is available on Pro and Prime plans
In Stripo, SSO is enabled for your entire Workspace. The workspace is where your projects are stored and where you invite your team members to.
Stripo supports the Open ID Connect (OIDC) protocol for SSO integrations
Ensure your Identity Provider supports the OIDC protocol. Any IdP provider that supports the OIDC should work. We have successfully tested the following popular providers: OKTA, OneLogin, Auth0 and Microsoft Entra ID (formerly Azure AD).
Email addresses of the members' Stripo accounts must match with the emails of their IdP accounts.
Steps to Enable SSO in Stripo
Activate SSO: Enable SSO for your workspace by following the instructions in the "SSO Configuration" section;
Members opt-In: Once SSO is activated, all team members need to opt in to the organization's SSO. For details, refer to the section "Team Members Opt-In" going next;
Team Members Opt-In
When SSO is activated, all invited members will:
Be able to access only your Workspace;
Be required to log in exclusively through SSO.
After the SSO activation, all Workspace members (except the owner and the person who activated SSO) must confirm their participation in the Workspace:
Confirmation: Logged-in members will see a pop-up window prompting them to either confirm their participation in the workspace, or decline it and leave the workspace.
Another way to confirm the participation is to go to "Settings"→ "Team" →Security" → "SSO", where you will find the same confirmation form instead of the SSO settings.
Delayed Confirmation: Members can close the pop-up if they need more time to decide. They can later go back to the "Settings" section to confirm it there.
Re-login via SSO: Once members confirm the participation, they will need to re-login via the dedicated SSO Login page:
The ability to delay the confirmation is for members who happen to work in multiple Workspaces (e.g., have freelance projects in the personal workspace). They can complete their tasks in other workspaces before confirming participation in your Workspace.
If you invite someone who does not have an existing Stripo account, they must log in directly through SSO without any additional confirmation
Configuring SSO
To configure SSO, you must have the Admin role with full access to all projects in the workspace, or have the Owner role
Before configuring SSO, ensure that the email address associated with your Stripo account matches the email address of your Identity Provider (IdP) account
Follow the steps below to activate SSO:
Open the Stripo Settings: In your Stripo workspace, navigate to "Settings"→ "Team" →Security" → “SSO“;
Create an IdP application: Set up a new OpenID Connect (OIDC) application in your IdP provider. We've prepared guides for some popular providers (links below):
Add credentials and test them: Once the application is created, add its credentials in Stripo. Use the "Test Connection" button to perform a test authentication; It is an obligatory step to check if the connection is set up and there is no issues with SSO.
Activate SSO and let your team know: all the team members shall follow the instructions in the "Team Members Opt-In" section of this article to confirm their access.
👍 Please be advised:
Before SSO activation, please make sure you tested it by clicking "Test connection" button.
If you changed your SSO credentials, please test the connection again before activation.
Success! Now, all the team members can log in to their Stripo accounts using your IdP provider.
Additional SSO security options:
Let some members bypass SSO:
This feature allows selected users to sign in without SSO using standard authentication methods.
When SSO is enabled, users are normally required to authenticate through your Identity Provider. With SSO bypass, specific members are excluded from this requirement.
To enable bypass, add the user’s email address to the bypass list in SSO settings.
Users with bypass access can log in without SSO at any time, regardless of the workspace SSO policy.
Login Access by IP:
We’ve introduced a new IP-based access control feature for Stripo organizations. This functionality allows organizations to restrict access to their account based on specific IP addresses.
You can add the list of allowed IPs and members with exceptions (by providing email addresses) and activate the toggle to Restrict workspace logins to specific IP addresses.
If a user logs in from an IP address that is not whitelisted, they will not see or be able to access the organization’s projects. This security measure applies to all users, including the account owner.
For security reasons, the owner is not automatically added to the exceptions list. If you want the owner or any other user to always have access to the organization regardless of IP restrictions, their email address must be explicitly added to the exceptions.
Note: Login Access by IP feature is available for Medium, Pro and Prime plans
Thank you for taking the time to read our articles. We hope you will find this information helpful.
If you have any additional questions, please email us at support@stripo.email.
We would be glad to talk with you.