Single Sign-On (SSO)
Connect TrueConfig to your identity provider for centralized authentication using SAML 2.0.
Overview
Single Sign-On allows your team members to authenticate to TrueConfig using your organization's identity provider (IdP). This provides:
Centralized Access Control
Manage who can access TrueConfig from your IdP
Enforce MFA Policies
Your IdP's MFA requirements apply to TrueConfig access
Simplified User Management
Users authenticate with existing corporate credentials
Audit Trail
All SSO logins are recorded in your IdP logs
Supported Identity Providers
TrueConfig supports any SAML 2.0 compliant identity provider, including:
Setup Process
Create a SAML Application
In your identity provider, create a new SAML 2.0 application for TrueConfig. You'll need the Service Provider details from your TrueConfig settings.
Configure SAML Settings
Use these values when configuring your SAML application:
https://nrzcgufywxzlujgljbny.supabase.co/auth/v1/sso/saml/metadatahttps://nrzcgufywxzlujgljbny.supabase.co/auth/v1/sso/saml/acsurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressConfigure Attribute Mapping
Map the following attributes from your IdP to the SAML assertion:
emailuser.email (required)nameuser.displayName (optional)Send IdP Metadata to TrueConfig
Export your IdP's SAML metadata XML and email it to support@trueconfig.io along with your Organization ID (found in Settings → SSO).
SSO Activation
Our team will configure your SSO connection and notify you when it's active. Your users can then sign in via SSO using their IdP credentials.
Provider-Specific Guides
Microsoft Entra ID
Azure Active Directory / Entra ID setup
- Go to Azure Portal → Entra ID → Enterprise Applications
- Click "New Application" → "Create your own application"
- Select "Integrate any other application"
- Under "Single sign-on", select "SAML"
- Enter TrueConfig's SP Entity ID and ACS URL
- Download the Federation Metadata XML
Okta
Okta SAML app setup
- Go to Admin Console → Applications → Create App Integration
- Select "SAML 2.0"
- Enter "TrueConfig" as the app name
- Configure Single Sign On URL and Audience URI
- Set Name ID format to EmailAddress
- Download the IdP metadata
Security Considerations
Important Security Notes
- SSO users are linked to your organization based on their email domain
- Existing users with matching emails can sign in via SSO once configured
- We strongly recommend requiring MFA in your IdP for additional security
- SSO sessions follow your IdP's session timeout policies
- User deprovisioning in your IdP will prevent future SSO logins
Frequently Asked Questions
Can users still log in with email/password after SSO is enabled?
By default, yes. Users can continue to use email/password authentication alongside SSO. Contact support if you want to enforce SSO-only authentication.
What happens when I remove a user from my IdP?
The user will no longer be able to authenticate via SSO. Their TrueConfig account will remain, but they'll need email/password to access it unless you also remove them from TrueConfig.
Is Just-in-Time (JIT) provisioning supported?
Yes. When a user signs in via SSO for the first time, their account is automatically created and linked to your organization.
Which plans include SSO?
SSO is available on Pro and Scale plans. Essential plan users can upgrade to access SSO features.
Need Help Setting Up SSO?
Our team is happy to help you configure SSO for your organization.
Contact Support