Single sign-on (SSO)
You can log in to the Sitecore Cloud Portal using the default Sitecore authentication or using single sign-on. With single sign-on, teams can log in to the Sitecore Cloud Portal and Sitecore apps using their existing identity providers. Sitecore Cloud Portal supports identity providers that use the OpenID Connect (OIDC) protocol.
Enabling an SSO connection
To enable SSO with an OpenID Connect provider, you need to configure OpenID Connect.
When your organization enables an SSO connection:
- Team members that have email addresses with the email domain of an enabled SSO connection will log in using their identity provider. Users that belong to the domain of an enabled SSO connection still need to be invited to your organization and accept the invitation before they can log in.
- Team members that don't belong to an enabled SSO connection are unaffected. They can still log in and retain their current organization role and app roles.
Deleting an enabled SSO connection
When you delete an enabled SSO connection:
- Team members associated with the deleted SSO connection can still log in using the default Sitecore authentication.
  In most cases, these team members need to reset their password before they can log in. However, if a team member joined the organization before an SSO connection was enabled and can remember their old password, they can log in using their old credentials.
- Pending invitations to email addresses associated with the deleted SSO connection domain must be sent again.