What is SSO?
Single Sign-On is a method of authentication (signing in to a service) that companies have adopted over the years as it centralizes the security for IT administrators. IT admins can use a single portal for controlling their employee's access. In large corporations, this is ideal because new employees that join their company often need access to multiple software services. But, having the new employee sign up for each service on their own can be cumbersome and time-consuming. SSO centralizes the process by allowing an IT admin to give access for a new employee to multiple services at once through a single login profile.
How do we support SSO?
InVision supports SSO via SAML—including SAML with Google Cloud.
SAML lets users sign in after successfully authenticating against your SAML identity provider and will also automatically create an account upon sign-in if one doesn't exist. The most common types of SAML implementations we support are via 3rd party vendors like OneLogin or Okta, but you can also integrate Active Directory with InVision via SAML using ADFS.
What do I need to know before I set up SSO?
There are a few important things to note about our SSO implementation:
SSO is an Enterprise exclusive feature
SSO is only available to Enterprise companies at this time. If you're not a member of an Enterprise you will not be able to have SSO enabled for your InVision account. This also means that SSO won't apply when you sign in via https://login.invisionapp.com as it only applies to your Enterprise subdomain.
How do I set up SSO?
If you're setting up SAML SSO, please refer to the following documentation:
- SSO - Configuring Okta for use with InVision
- SSO - Configuring OneLogin for use with InVision
- SSO - Configuring ADFS for use with InVision
- SSO - Configuring Microsoft Azure for use with InVision
If you are using SAML SSO and do not want account auto-provisioning enabled, please read this article: Can I disable SAML auto-provisioning for our Enterprise?