Single Sign-On (SSO) is a method of authentication (signing in to a service) that companies have adopted over the years because it centralizes security for IT administrators. IT admins can use a single portal to control their employees' access. In large corporations, this is ideal because new employees often need access to multiple software services, and having each new employee sign up for every service on their own can be cumbersome and time-consuming. SSO centralizes the process by allowing an IT admin to give a new employee access to multiple services at once through a single sign-on profile.
SSO Support Options
InVision supports SSO via two main methods:
- Google Auth
- SAML
Google Auth allows pre-existing members of your Enterprise to sign in to InVision using their Google accounts if each email address belongs to a member of the Enterprise.
SAML lets users sign in after successfully authenticating against your SAML identity provider and will also automatically create an account upon sign-in if one doesn't exist. The most common types of SAML implementations we support are via third-party vendors like OneLogin or Okta, but you can also integrate Active Directory with InVision via SAML using ADFS.
Note: If you plan to implement SSO for your Enterprise, we recommend first ensuring that the Enable password expiration option is toggled off in your Password Policy settings. With SSO enabled, password expiration via InVision (rather than your SSO provider) may prevent some of your members from accessing your Enterprise account if they forget their native InVision password.
What to know before setting up SSO
There are a few important things to note about our SSO implementation:
SSO is an Enterprise exclusive feature
SSO is only available to Enterprise companies at this time. If you're not a member of an Enterprise, you will not be able to have SSO enabled for your InVision account. This also means that SSO won't apply when you sign in via https://projects.invisionapp.com, as it only applies to your Enterprise subdomain.
You cannot sign in using your InVision username and password if you opt to use Google Auth
Once you've enabled Google Auth, it replaces the default authentication method using your InVision username and password. If you have some users who need access to your InVision company but their email addresses aren't associated with Google accounts, then Google Auth won't work for you as those users will be unable to access your InVision company.
Setting up SSO
If you want to set up Google Auth SSO for your Enterprise company, an account Owner or Admin will need to contact Support to get the process started.
If you're setting up SAML SSO, please refer to the following documentation:
- SSO - Configuring Okta for use with InVision
- SSO - Configuring OneLogin for use with InVision
- SSO - Configuring ADFS for use with InVision