SSO Settings in InVision V7
This article provides answers for InVision V7 only. If you're using InVision V6, read this article instead. Not sure which version you're using? Find out now.
After you have configured settings in your identity provider (IdP), you will need to configure SSO settings in InVision V7.
SSO in InVision V7 is only available for Enterprise plans. To set up SSO, you must be an owner or admin on the Enterprise account.
Accessing SSO settings
To access your SSO settings:
- Sign in to your InVision Enterprise here:
- In the lower-left corner, click the [Your Team Name] dropdown, and then click People & Team settings.
The Team page will open with the People tab active.
- Click Settings tab, and then click Single sign-on.
- Toggle on Require SSO for every member of [your enterprise team].
- Complete the form, using the appropriate information from your IdP's metadata file.
- Click Update.
Fine-tuning your sign-in experience
Within the SSO settings, there are two options that let you customize the sign-in experience:
- Allow users to sign in without SAML
- Allow Just-in-Time provisioning
Allow users to sign in without SAML
If this setting is toggled on (), members of your team can choose to sign in via your IdP or by using their InVision email and password.
Enabling this setting can also save time and hassle, as it allows users outside of your company—people who don’t have SSO accounts with your company—to access your InVision team.
Allow Just-in-Time provisioning
If Just-in-Time provisioning is toggled on (), here's what to expect:
- Anyone who you have previously authorized—via your IdP app—can automatically join your InVision Enterprise team when signing in via SSO for the first time.
- You'll choose which default role will be assigned to people who join the team via Just-in-Time provisioning:
- Guest: People with the external guest role can only access documents and spaces they are invited to.
- Member: People with the team member role can preview and join all open documents and spaces.
If Just-in-Time provisioning is toggled off (), you'll add a custom message to let prospective new members know how to request access and join your team:
Configuring your IdP for use with InVision
For information on setting up SSO with a specific IdP, check out one of these articles: