In the console, you can enable single sign-on (SSO) for your organization.
The system supports the following identity providers:
- Login to the Spot account as an administrator: Spot Console
- Click on the user icon and choose Settings.
- Click on the
SECURITYtab on the left sidebar and select Identity Providers. - Complete the required information in the form and save.
Relay state – The Organization ID – Used as the Relay State configuration for the identity provider (Used in IDP Initiated SSO)
Provider type – Currently the only supported standard is SAML (Security Assertion Markup Language)
Metadata – Data provided by the identity provider in order to sync our settings properly.
User Default Organization Role – The role which is given to users who logged in via the Identity Provider (Viewer/Editor). For further information, see User Roles.
User Allowed Accounts – The accounts which the user will have access to (Default Account or All Accounts)
For further information, see Organizations and Accounts.
When you want to determine different user roles per account, you can choose the organization and role the user will sign in with when signing in with SSO.
Configure the IDP to create a SAML response with the parameter OrgAndRole.
This configuration will generate another screen which will let the user choose an organization and role:
Roles can be defined only by organization or by account, not both.