What is SSO?
Single sign-on (SSO) is a user authentication service that allows a user to use one set of login credentials (for example, a username and password) to access multiple applications.
How to enable SSO?
- Reach out to support to enable SSO. You must be on the Business plan.
When reaching out, please provide:- Your organization's name.
- Your organization admin's email address. Your organization admin is the IT person in your company who will be in charge of setting up SSO. This usually is NOT the same person that is the StreamYard account owner.
- The email domain for which you want to enable SSO.
- The team(s) on which you want to enable SSO.
- Once support has set up SSO, your organization admin will receive an email to set up SSO:
- The organization admin will log in to their StreamYard account and configure WorkOS. WorkOS is a third-party tool we use to support all SAML & OIDC single sign-ons.
WorkOS will walk you through each step needed, depending on your IdP provider. More info on setting up WorkOS available here.
During the configuration you will have access to:
- Single Sign-On URL (ASC)
- Audience URI (SP Entity ID)
- Attribute statements (id, firstName, lastName, email)
- Once WorkOS is configured, you will be able to see a toggle button in the Organization settings page. It is possible to turn SSO on and off to test and make sure everything is working correctly.
Note: SSO is not enabled by default, in case the organization admin wants to do additional testing after WorkOS is configured.
- Once SSO has been enabled by the Organization Admin, all team members will receive an email to log in using SSO. They will then be redirected to log in with SSO if they try to log in with an email address that is associated with the SSO platform.
FAQs
What plans is SSO available on?
SSO is available on the Business Plan.
Does this feature also include SSO viewers for On-Air?
No, this is a separate feature. SSO viewers for On-Air do not have a timeline yet.
Can I have multiple domains?
Yes, you can add as many supported domains as you'd like! All of the domains must use the same SSO provider. We don't support multiple SSO providers for a single team. Contact us to add another domain to your account!
Can I use a group email (for example, sales@streamyard.com) to sign in with SSO?
No, you must log in to StreamYard with the same individual email address that you use to authenticate through your SSO portal. In some rare cases, group email addresses can work if you are able to authenticate with that group email address through your SSO portal.
How does an organization admin get back to manage the organization settings page?
Your organization admin can access this page again by clicking on the link provided in the original email they received to set up SSO, or through this link: https://streamyard.com/organizations/`insertOrgID`/settings. If you don't know your Organization ID, reach out to support.
Can one team within a company have SSO enabled, and another team not have SSO?
Yes, SSO will be enabled per team so one could have it, and one could not.
Is it possible to access SSO through a redirect of the identity provider?
No. It is currently only possible to access SSO login from the StreamYard landing page for security reasons (we use SP-initiated SSO).
Can we have more than one organization admin?
Yes! Reach out to support with the email addresses of the organization admins you would like added to the account.
Related to
Updated