You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/segment-app/iam/sso.md
+17Lines changed: 17 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -97,6 +97,23 @@ Enter your domain and click "Add Domain." When you click verify, you're given tw
97
97
> note ""
98
98
> **Note**: domain tokens expire 14 days after they are verified.
99
99
100
+
## Configuring SSO to access multiple workspaces
101
+
To configure SSO for multiple workspaces, your admin must configure access to each workspace as a separate app in your identity provider.
102
+
103
+
This is because, you are unable to use one domain across multiple workspaces, and you will encounter this error if you try adding a domain that is already verified in another workspace:
104
+
105
+
> warn ""
106
+
> **Warning**: This domain has already been claimed.
107
+
108
+
Once your admin has configured separate apps for each workspace in your IdP, the end-users can log in to the IdP and click on the relevant app (or tile) for the workspace you are trying to access (also referred as IdP-initiated SSO).
109
+
110
+
Limitations:
111
+
> note ""
112
+
> **Note**: As you are only able to verify a domain in one of the workspaces, your users will only be able to log in to the workspace in which the domain has been verified when logging in via Segment’s Login page.
113
+
114
+
> note ""
115
+
> **Note**: Switching a workspace directly within Segment UI will not work, and the users will have to switch workspaces using IdP-initiated SSO.
0 commit comments