Looking for SSO setup instructions? Go here!
Q: Is SSO available in my country?
SSO is available in the United States, Canada, and Australia.
Q: Which SSO protocols are supported?
Only SAML 2.0 is supported at the moment.
Q: Do standard login users get locked out once SSO is setup?
At this time, we do not lock users out of using the standard ETO login page, even when SSO is enabled. ETO users will be able to login through both the normal login page as well as through the organization's unique Single Sign-On URL.
Note: Your ETO password and your Single Sign-On password do not sync and should be treated as separate credentials.
Q: What happens if I stay idle for a long time?
The system will log you out after the set number of minutes set by your organization and you will lose your work. Please ensure you save your work as often as possible.
Q: Will adding a user to my identity provider (IDP) also add the user to ETO?
No, you will have to also go into ETO and add the user account and user permissions.
Q: When I create a new SSO configuration, will our login URL change?
Yes, the login URL will change and you will need to redistribute the new URL amongst your organization.
Q: Can I configure a custom login or logout URL?
At this time, we do not support the ability to create custom URLs.
Q: How does SSO work if I have two environments to log into?
Each environment must have their own configuration and login URL. Users will not be able to log in to both environments with the same URL.
Q: Can we utilize tiles in our IDP?
We do not officially support IDP-initiated sessions, such as ones accessed through a tile in Azure. Our best practice remains utilizing the generated SSO URL from our SSO set-up article.
Q: If the SSO certificate in my IDP is renewed, will this automatically be reflected in my SSO configuration?
Yes, but only if you opted to provide a metadata URL (as opposed to a metadata XML file) upon creating your SSO configuration. If you opted for a file, you will need to delete your configuration and create one again. If you’re still having issues after rebuilding the configuration, please see the “Additional Troubleshooting” section of this article for further information.
Additional Troubleshooting
If you're receiving a "403 Forbidden" error upon accessing your new login URL, even after rebuilding your SSO configuration, you may need to toggle your User Pool back and forth then create a new SSO configuration. This will force a full refresh or reset of the URL.