You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/segment-app/iam/sso.md
+5-8Lines changed: 5 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -101,17 +101,11 @@ Enter your domain and click "Add Domain." When you click verify, you're given tw
101
101
## Configuring SSO to access multiple workspaces
102
102
To configure SSO for multiple workspaces, your admin must configure access to each workspace as a separate app in your identity provider. You are unable to use verified domain(s) across multiple workspaces and will encounter the following error if you add a domain that is already verified in another workspace:
103
103
104
-
105
104
> warning ""
106
105
> **Warning**: This domain has already been claimed.
107
106
108
107
Once your admin has configured separate apps for each workspace in your IdP, the end-users can log in to the IdP and click on the relevant app for the workspace you are trying to access. This is also referred to as IdP-initiated SSO.
109
108
110
-
> info "Swithcing between Segment workspaces"
111
-
> Becasue a user, who logged in via SSO, is only signed in for one Segment workspace, the user needs to sign in again to access another workspace.
112
-
113
-
In this case, when the end-users visit [Segment login page](https://app.segment.com/login){:target="_blank"} to sign in via SSO, the users will only be redirected to one workspace which is also linked with the verified domain(s) because the login page only supports [Segment-initiated SSO](/docs/segment-app/iam/sso/#enabling-segment-initiated-login).
114
-
115
109
## Okta setup
116
110
117
111
The Okta/Segment SAML integration supports the following features:
@@ -179,7 +173,10 @@ Segment allows users to own their own workspaces. While your IdP authentication
179
173
Workspace owners can invite additional owners with any domain using the traditional invite mechanism. If the workspace is configured to require SSO, and the user is not on your IdP, you can add an Exemption under **Workspace Settings > Authentication > Advanced Settings**.
180
174
{% endfaqitem %}
181
175
182
-
{% faqitem How do I configure SSO to access multiple workspaces? %}
183
-
To use SSO for multiple workspaces, your admin must configure access to each workspace as a separate app in your identity provider.
176
+
{% faqitem What happens after I configured SSO to access multiple workspaces? %}
177
+
After SSO is configued to access multiple workspaces, you will have slightly different signin experience in the below scenarios
178
+
1. When you are switching between workspaces, and you have already logged in via SSO, you will need to sign in again before accessing other workspaces.
179
+
2. When you visit [Segment login page](https://app.segment.com/login){:target="_blank"} to sign in via SSO, you will only be redirected to one workspace which is also linked with the verified domain(s). It is because you are actually using the [Segment-initiated SSO](/docs/segment-app/iam/sso/#enabling-segment-initiated-login) in this scenario.
0 commit comments