Single sign-on (SSO) is system that enables users to securely authenticate with multiple applications and websites by logging in only once—with just one set of credentials (username and password).
Process Street supports many Identity Providers (IDP), including:
Supported SSO Providers
- Microsoft ADFS
- Azure AD
- Ping Federate 7
- and other SAML providers
Don’t see your provider here? Contact us to inquire about availability.
Optional vs. Required SSO
- Optional SSO means this will be an optional log-in method, while still allowing users to log-in with email and password.
- Required SSO means this will be the required log-in method, and any other way to log-in to Process Street will be disabled.
- Locking to an SSO will change user’s ownership from User to Organization. Users will not be able to add new organizations, additional email addresses and can’t be invited to another organization.
- There are a few requirements needed in order to enable required SSO:
- Remove any non-company domain email addresses. For example if your company uses [email protected] for emails, you must remove any users who are using [email protected] email addresses.
- Remove multiple emails addresses. Only one email address is allowed per user.
- Remove multiple organizations. Required SSO users will be locked to one organization, so if they have access to other organizations, they must be removed.
Provisioning and Deprovisioning
- Provisioning: Process Street supports Just-In-Time provisioning for accounts, meaning new user accounts are created the first time they log-in to Process Street.
- Deprovisioning: Currently Process Street does not support deprovisioning. When users are deprovisioned in your IDP, you’ll need to remove them from your Organization Settings.
SSO Invitation Options
- Manual Invitations: You can invite specific users by their email on the organization settings page:
- Invitation via Link: You can also provide a custom link to any user who wants to join your organization without an invitation email.
- Example Invitation Link: https://app.process.st/login/sso/[your-organization-connection-name]
Default User Type
- Once SSO is enabled, you can choose whether users will be added as guests or members by default on the organization settings page. As this may affect your billing, it’s best to speak with your Account Executive to understand your options.