Single sign-on (SSO)
Review the process for enabling single sign-on (SSO) for your company
Single Sign-On (SSO) is a convenient way for users to access multiple applications or systems using just one set of login credentials.
By using SSO, users do not have to remember different credentials for different companies; one Identity Provider (e.g., Azure, Okta, Duo Security, Google, etc.) can be used to log in.
The following Identity Providers have been thoroughly tested with our partners and are available for SSO:
- Azure Entra ID
- Okta
- Duo Security
- JumpCloud
- OneLogin
- PingOne
- Google (OAuth 2.0)
Constructor will support any Identity Providers that support SAML. Please work with your Customer Success Manager if you are using an Identity Provider not listed above.
SAML implementation
Implementing SSO using SAML is a straightforward process. It requires that your Integrations team exchange configuration information with the Constructor team.
Enabling SAML SSO follows the below process:
- A member of your team will reach out to your Customer Success Manager and ask to have SSO enabled for the Constructor dashboard.
- Your Customer Success Manager will then schedule a call. The individuals who will need to attend this call include:
- Constructor system administrators
- The Identity Provider administrators for your company
- A member of your team who uses Constructor. This can be an admin or a general user.
- During the call, both parties will exchange SAML configuration information. At the end of the call, the parties will verify that the integration works.
OAuth 2.0 implementation
Implementing SSO using OAuth 2.0 for Google is a straightforward process that does not require that your team exchange configuration information with Constructor.
Enabling OAuth 2.0 follows the below process:
- A member of your team will reach out to your Customer Success Manager and ask to have SSO (OAuth 2.0) enabled for the Constructor dashboard.
- Your Customer Success Manager will activate the Google Login.
- All future users who log into the Constructor dashboard will be required to log in via Google.
Can we enable both SSO SAML and SSO OAuth 2.0 for our company?
This is not possible. Companies can have only one login method configured—SAML, Google OAuth 2.0, or password login.
Remove access for former employees
If an employee leaves your company, then you will want to remove their access to your Constructor dashboard.
- If your company uses SAML login, remove them from your Identity Provider.
- If your company uses Google OAuth 2.0 login, remove them from your Google organization.
- If your company uses password login, you must log into the Constructor dashboard and remove users account from your company.
It is also recommended you remove these users from your Constructor dashboard in SAML and OAuth 2.0 cases.
Updated 13 days ago