SAML - SSO

Secure, one‑click access to Siit. Enable Google or Microsoft sign‑in in seconds, or connect a third‑party SAML identity provider for enterprise control. You can test safely, then enforce SSO for everyone.

Sign‑in options

• Google SSO: one‑click OAuth sign‑in with Google Workspace accounts.

• Microsoft SSO: one‑click OAuth sign‑in with Microsoft Entra ID accounts.

• SAML SSO: connect your IdP (Okta, Microsoft Entra ID, OneLogin, JumpCloud, …). We support both SP‑initiated and IdP‑initiated flows.

Suggested visual

• [Screenshot] Login screen with “Sign in with Google,” “Sign in with Microsoft,” and “Sign in with SSO”

Quick start (Google/Microsoft) ⚡

• Go to Settings → Security → SSO.

• Toggle “Allow sign in with Google” and/or “Allow sign in with Microsoft.”

• Optionally restrict by email domain (e.g., only @yourcompany.com).

• Save. Users can now click the relevant button on the login page.

When to use: you want fast setup with your primary suite and don’t need custom claims or role mapping.

What SAML adds

• Centralized control and MFA via your IdP

• Attribute/claim mapping to prefill name and email

• Optional group → role mapping in Siit (if enabled for your workspace)

• Certificate‑based trust with rotation support

Supported providers

• Okta

• Microsoft Entra ID (Azure AD)

• OneLogin

• JumpCloud Provider‑specific, step‑by‑step guides are available in our Help Center.

Troubleshooting

• User cannot sign in

  • Check domain restriction and that the user exists with the correct email.

  • Verify email address and matches the Siit user’s email format.

• Invalid signature / audience mismatch

  • Re‑upload a valid IdP certificate and confirm Entity ID and ACS URL match Siit.

• Group/role not applied

  • Ensure the groups claim is included in the SAML assertion and the mapping rule exists in Siit.

• Looping back to login

  • Confirm SP‑initiated vs IdP‑initiated configuration and redirect URLs; clear cookies and retry in a private window.