Skip to content

Single Sign-On

Configure organization SSO with an OIDC identity provider.

Single Sign-On lets teams use an identity provider to manage sign-in for a organization. SSO is useful for companies that need centralized access control.

SSO availability depends on your plan.

To register an OIDC provider, prepare:

  • domain
  • provider ID
  • issuer URL
  • client ID
  • client secret
  • callback URL from iSearchFrom

Your identity provider must allow the callback URL shown in the app.

  1. Open Team Settings.
  2. Confirm the correct organization is active.
  3. Go to Single Sign-On.
  4. Choose Add provider.
  5. Enter the OIDC provider details.
  6. Copy the callback URL into your identity provider if needed.
  7. Register the provider.
  8. Test sign-in before requiring SSO for a domain.

After testing, you can require SSO for users on the configured domain. Be careful: if the provider is misconfigured, users may be blocked from signing in.

IssueWhat to check
SSO not availableConfirm your plan includes SSO
Redirect failsConfirm callback URL is allowed in the identity provider
Users cannot sign inCheck issuer URL, client ID, client secret, and domain enforcement
Wrong organizationConfirm the active organization before editing providers

Open Team Settings in the app. Organization SSO settings and domain enforcement belong with team/organization controls.