Single Sign-On
Configure organization SSO with an OIDC identity provider.
Single Sign-On lets teams use an identity provider to manage sign-in for a organization. SSO is useful for companies that need centralized access control.
SSO availability depends on your plan.
What you need
Section titled “What you need”To register an OIDC provider, prepare:
- domain
- provider ID
- issuer URL
- client ID
- client secret
- callback URL from iSearchFrom
Your identity provider must allow the callback URL shown in the app.
Add an SSO provider
Section titled “Add an SSO provider”- Open Team Settings.
- Confirm the correct organization is active.
- Go to Single Sign-On.
- Choose Add provider.
- Enter the OIDC provider details.
- Copy the callback URL into your identity provider if needed.
- Register the provider.
- Test sign-in before requiring SSO for a domain.
Require SSO for a domain
Section titled “Require SSO for a domain”After testing, you can require SSO for users on the configured domain. Be careful: if the provider is misconfigured, users may be blocked from signing in.
Troubleshooting
Section titled “Troubleshooting”| Issue | What to check |
|---|---|
| SSO not available | Confirm your plan includes SSO |
| Redirect fails | Confirm callback URL is allowed in the identity provider |
| Users cannot sign in | Check issuer URL, client ID, client secret, and domain enforcement |
| Wrong organization | Confirm the active organization before editing providers |
Open in iSearchFrom
Section titled “Open in iSearchFrom”Open Team Settings in the app. Organization SSO settings and domain enforcement belong with team/organization controls.