What is SSO?
Single Sign-On is a method of authentication (logging into a service) that companies have adopted over the years as it centralizes the security for IT administrators. IT admins can use a single portal for controlling their employee's access. In large corporations, this is ideal because new employees that join their company often need access to multiple software services. But, having the new employee sign up for each service on their own can be cumbersome and time-consuming. SSO centralizes the process by allowing an IT admin to give access for a new employee to multiple services at once through a single login profile.
How do we support SSO?
InVision supports SSO via two main methods:
- Google Auth
Google Auth allows pre-existing members of your Enterprise to login to InVision using their Google account if that email address is a member of the Enterprise.
SAML lets users login after successfully authenticating against your SAML identity provider and will also automatically create an account upon login if one doesn't exist. The most common types of SAML implementations we support are via 3rd party vendors like OneLogin or Okta, but you can also integrate Active Directory with InVision via SAML using ADFS.
What do I need to know before I set up SSO?
There are a few important things to note about our SSO implementation:
SSO is an Enterprise exclusive feature
SSO is only available to Enterprise companies at this time. If you're not a member of an Enterprise you will not be able to have SSO enabled for your InVision account. This also means that SSO won't apply when you login via https://projects.invisionapp.com as it only applies to your Enterprise subdomain.
You cannot login using your InVision username and password if you opt to use Google Auth
Once you've enabled Google Auth, it replaces the default authentication method using your InVision username and password. If you have some users who need access to your InVision company but their email addresses aren't associated with Google accounts, then Google Auth won't work for you as those users will be unable to access your InVision company.
How do I set up SSO?
If you want to set up Google Auth SSO for your Enterprise company, an account Owner or Admin will need to contact Support to get the process started. Be sure to review the "What do I need to know before I set up SSO" section of this article (above) as there are some limitations to Google Auth SSO that may prevent you from using it.
If you're setting up SAML SSO, please refer to the following documentation:
- SSO - Configuring Okta for use with InVision
- SSO - Configuring OneLogin for use with InVision
- SSO - Configuring ADFS for use with InVision
If you are using SAML SSO and do not want account auto provisioning enabled, please read this article: Can I disable SAML auto provisioning for our Enterprise?