Skip to main content
Single sign-on lets members sign in through the organisation’s identity provider. BehavIQ supports SSO for enterprise workspaces where it has been configured for the organisation.

When to use SSO

Use SSO when the organisation wants central control over login, access, and account lifecycle. SSO is usually paired with verified domains. Once a domain is verified, the workspace can require managed users from that domain to sign in through SSO.

Setup flow

The usual setup is:
  1. Create or confirm the enterprise workspace.
  2. Configure the identity provider.
  3. Verify the organisation domain.
  4. Test login with one admin account.
  5. Invite or provision the rest of the pilot group.
Do the first test with a user who can still reach an admin if something is misconfigured.

Local login and SSO

If SSO enforcement is enabled for a verified domain, managed users should use SSO instead of email and password. Break-glass admin access should be planned separately so the workspace is not locked out during an identity provider outage.