Single Sign-On (SSO)

Single Sign-On (SSO) lets you manage your organization's users across multiple applications. Your users can then access multiple applications with a single set of corporate credentials.

Supported Identity Providers

You can set up Ybug's Single Sign-On with any SAML-enabled Identity Provider (Okta, Microsoft Azure AD, OneLogin, …).

• Azure AD
• Okta
• OneLogin

If you haven't found your Identity Provider, you can still set up SAML Single Sign-On — please contact us.

Sign in using SSO

Ybug supports sign-in initiated from both the Identity Provider and the Service Provider (Ybug). Users who have already signed in to Ybug using SSO can go to our normal login page and select Log in with Single Sign-On.

User provisioning

To properly identify and provision SSO users, the SAML Identity Provider must be set up to provide three attributes: Email, FirstName, and LastName. As all Ybug users need a valid email address (regardless of whether they use SSO or login/password), make sure that your Identity Provider can pass an email address value via the NameId attribute.

When SSO is enabled in your Ybug account, all your team members (except account owners) are required to use Single Sign-On as their authentication method. Account owners can always use both methods (SAML SSO and username/password) to authenticate into Ybug. This is important when there's a misconfiguration or something changes in the Identity Provider — the account owner can then log in with credentials and fix the problem.