SSO Settings in InVision V7

This article provides answers for InVision V7 only. If you're using InVision V6, read this article instead. Not sure which version you're using? Find out now.

After you have configured settings in your identity provider (IdP), you will need to configure SSO settings in InVision V7.

Accessing SSO settings

To access your SSO settings:

1. Sign in to your InVision Enterprise here: your-team-name.invisionapp.com
2. In the lower-left corner, click the [Your Team Name] dropdown, and then click Settings.
3. Click Single sign-on.
4. Toggle on Require SSO for every member of [your enterprise team].
5. Complete the form, using the appropriate information from your IdP's metadata file.
6. Click Update.
   

   

Fine-tuning your sign-in experience

Within the SSO settings, there are two options that let you customize the sign-in experience:

• Allow users to sign in without SAML
• Allow Just-in-Time provisioning

Allow users to sign in without SAML

If this setting is toggled on (), members of your team can choose to sign in via your IdP, or by using their email and password.

Enabling this setting can save time and hassle, as it allows users outside of your company—people who don’t have SSO accounts with your company, such as clients and contractors—to access your InVision team via any link (including document links) to your Enterprise account.

Allow Just-in-Time provisioning

If Just-in-Time provisioning is toggled on (), here's what to expect:

• Anyone who you have previously authorized—via your IdP app—can automatically join your InVision Enterprise team when signing in via SSO for the first time.
• You'll choose which default role will be assigned to people who join the team via Just-in-Time provisioning:
  • Guest: People with the guest role can create documents, but they can only access spaces and/or documents that other people have created if they are explicitly invited.
  • Member: People with the team member role can preview and join all open documents and spaces.

If Just-in-Time provisioning is toggled off (), you'll add a custom message to let prospective new members know how to request access and join your team:

Configuring your IdP for use with InVision

For information on setting up SSO with a specific IdP, check out one of these articles:

• InVision V7: SSO - Configuring Okta for use with InVision
• InVision V7: SSO - Configuring OneLogin to for Use with InVision
• InVision V7: SSO - Configuring ADFS for use with InVision
• InVision V7: SSO - Configuring Microsoft Azure for use with InVision