SAML-based SSO (Single Sign-On) is a feature available for POEditor organizations on the Enterprise plan.
In this article, you'll learn how to enable and set up SSO for your organization.
How to enable SSO
If you are the owner of a POEditor organization or one of the organization managers, you can go to Organization Settings > Enable SSO to turn on this feature for your organization.
Setup and how SSO works
In order for Single Sign-On to work, you will need to take a couple of steps to set it up.
In your preferred IdP (identity provider):
- Create an application for POEditor.
- Add the ACS URL and Entity ID to it.
After this, you will need to fill in two inputs in POEditor, in the SSO setup page:
- Default Team: the name of the team that will be created in your POEditor organization. Users who are not added to any groups in the identity provider will be added to this team when they sign in using SSO.
- SAML File Content: the SAML metadata downloaded from the app you created in your identity provider.
After taking these steps, you can return to your IdP to map its attributes to the attributes in POEditor. Our platform has the following attribute mapping:
- email (for the user's email)
- firstName (for the user's first name)
- lastName (for the user's last name)
- userID (for the user's identifier)
- teams (for user groups)
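A way to check the mapping before rolling SSO out, as an added example that is not POEditor's own code: it reads the attribute statement of a SAML assertion captured from a test login and compares the attribute names with the list above. The sample assertion is constructed, and treating the names as exact, case-sensitive matches is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from the article's mapping list (assumed case-sensitive).
EXPECTED = ("email", "firstName", "lastName", "userID", "teams")

# Constructed sample: one attribute is misspelled and no groups are sent.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Pop</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="userID"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="teams"/>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from a SAML assertion."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in SAML; refusing to parse")
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_mapping(xml_text):
    """Compare the assertion's attribute names with the expected mapping."""
    attrs = read_attributes(xml_text)
    lowered = {name.lower(): name for name in attrs if name}
    report = {"missing": [], "case_mismatch": [], "default_team": False}
    for name in EXPECTED:
        if name in attrs:
            continue
        if name.lower() in lowered:
            report["case_mismatch"].append((lowered[name.lower()], name))
        else:
            report["missing"].append(name)
    # No group values: per the article, the user is added to the Default Team.
    report["default_team"] = not attrs.get("teams")
    return report


if __name__ == "__main__":
    print(check_mapping(SAMPLE))
```
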
How to restrict access for users without SSO
To grant access to the organization's projects only to users who have logged in with SAML Single Sign-On, go to Organization Settings > Preferences, then scroll down to Security > Require SSO.
Step-by-step guides for setting up SAML-based SSO
If you need a detailed guide on how to set up Single Sign-On for a particular provider, you can find a few here: