Skip to Content
Account ManagementSingle Sign-On

Single Sign-On

Detectify supports SAML 2.0-based Single Sign-On (SSO), allowing your team to authenticate through your organization’s identity provider (IdP). This centralizes access management and enforces your existing authentication policies.

Supported Identity Providers

Detectify’s SAML implementation works with any SAML 2.0 compliant identity provider, including:

  • Okta
  • Azure Active Directory (Microsoft Entra ID)
  • Google Workspace
  • OneLogin
  • Ping Identity
  • JumpCloud

Prerequisites

Before configuring SSO, you need:

  • A Detectify account with Account Owner permissions
  • Administrator access to your identity provider
  • A verified email domain in Detectify that matches your organization’s email domain

Configuration Steps

Step 1: Get Detectify SAML Details

  1. Navigate to Settings > Security > Single Sign-On.
  2. Copy the following values, which you will need to configure your IdP:
    • ACS URL (Assertion Consumer Service URL)
    • Entity ID (also called Audience URI)

Step 2: Configure Your Identity Provider

In your identity provider, create a new SAML application with the following settings:

FieldValue
ACS URLThe URL copied from Detectify
Entity IDThe Entity ID copied from Detectify
Name ID formatEmail address
Name ID valueUser’s email address

Step 3: Complete Detectify Configuration

  1. From your IdP, obtain the following:
    • IdP SSO URL — The login URL for your identity provider
    • IdP Certificate — The X.509 certificate used to sign SAML assertions
  2. In Detectify, navigate to Settings > Security > Single Sign-On.
  3. Enter the IdP SSO URL.
  4. Upload or paste the IdP certificate.
  5. Click Save.
  6. Click Test Connection to verify the configuration works.

Step 4: Enable SSO

After testing successfully:

  1. Toggle Enable SSO to on.
  2. Optionally, toggle Enforce SSO to require all users in your account to authenticate via SSO. When enforced, password-based login is disabled.

User Provisioning

When SSO is enabled, users who authenticate through your IdP for the first time are automatically created in Detectify if their email domain matches your configured domain. New users are added with default permissions that you can configure in the SSO settings.

Troubleshooting

  • “Invalid SAML response” — Verify that the Name ID format is set to email address and the certificate is correct
  • Users cannot log in after enabling SSO — Ensure the IdP application is assigned to the correct user groups
  • Certificate errors — IdP certificates expire periodically. Update the certificate in Detectify when your IdP rotates certificates
Last updated on
Users & RolesTwo-Factor Authentication