Single sign-on (SSO)
You can log in to the Sitecore Cloud Portal using the default Sitecore authentication or using single sign-on. With single sign-on, teams can log in to the Sitecore Cloud Portal and Sitecore apps using their existing identity providers.
Sitecore Cloud Portal supports identity providers that use the OpenID Connect (OIDC) protocol or Security Assertion Markup Language (SAML) protocol. An organization can have up to five SSO connections, with each connection supporting up to 50 domains.
Enabling an SSO connection
To enable SSO for your Sitecore Cloud Portal organization and apps, you need to configure OpenID Connect or SAML.
When your organization enables an SSO connection:
- Team members whose email address uses the email domain of an enabled SSO connection log in using their identity provider in all organizations.
- Users that belong to the domain of an enabled SSO connection still need to be invited to your organization and accept the invitation before they can log in.
- Team members that don't belong to an enabled SSO connection are unaffected. They can still log in and retain their current organization role and app roles.
- Users whose email address does not match the email domain of an enabled SSO connection log in using the default Sitecore authentication.
Deleting an enabled SSO connection
When you delete an enabled SSO connection:
- Team members associated with the deleted SSO connection can still log in using the default Sitecore authentication.
  In most cases, these team members need to reset their password before they can log in. However, if a team member joined the organization before an SSO connection was enabled and can remember their old password, they can log in using their old credentials.
- Pending invitations to email addresses associated with the deleted SSO connection domain must be sent again.