You can integrate Claimable with identity providers that support SAML, such as Microsoft Azure AD, Okta & OneLogin, to give your users the option to log in to Claimable via SSO.
With SAML SSO enabled on your Claimable account, your users will be able to log in to Claimable using SSO in two ways:
By launching Claimable directly from the dashboard of your identity provider (e.g. Azure AD, Okta, OneLogin).
Via the "Log in with SSO" button on the Claimable login screen.
Both methods allow users to log in to Claimable without the need to supply a separate password.
Integrating Claimable with your SAML SSO Identity Provider
Please contact Claimable support to configure your SAML SSO integration. We'll guide you through the process, which will require administrator access to your identity provider portal.
Claimable supports most popular identity providers such as Microsoft Azure AD, Okta and OneLogin, but also other providers that support the SAML 2.0 protocol.
Note: If you are not sure if your identity provider is supported, please let us know which platform you use and we will be able to confirm if SSO with Claimable is possible.
Requiring SSO for all users
You have the option to require that all users on your Claimable account login via SSO. This will prevent them from logging in to Claimable using an email address and password.
The default setting is that both SSO and password log in methods are available to the user so they can choose what suits them best.
If you are transitioning towards using only SSO for your company, we recommend allowing both log in methods during the transition period to avoid disruption and allow users to become accustomed to SSO, before making it required.
To further boost security you can choose to restrict the email domains allowed to log in via SSO.
By default, all domains are allowed, but if your identity provider manages multiple domains you may wish to restrict this to a single domain or handful of domains.
Requirements to Log In With SSO
In addition to having a user profile on your identity provider, to log in to Claimable the following requirements must be met:
The user must have an active Claimable user account.
The email address registered on the user's identity provider profile must match that on their corresponding user account in Claimable.
If email domain whitelisting is enabled, the user's email address domain must match the list of allowed domains. (For example to log in with the email address "email@example.com",
example.commust be whitelisted).