You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/segment-app/iam/sso.md
+5-9Lines changed: 5 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -98,21 +98,17 @@ Enter your domain and click "Add Domain." When you click verify, you're given tw
98
98
> **Note**: domain tokens expire 14 days after they are verified.
99
99
100
100
## Configuring SSO to access multiple workspaces
101
-
To configure SSO for multiple workspaces, your admin must configure access to each workspace as a separate app in your identity provider.
101
+
To configure SSO for multiple workspaces, your admin must configure access to each workspace as a separate app in your identity provider. You are unable to use verified domain(s) across multiple workspaces and will encounter the following error if you add a domain that is already verified in another workspace:
102
102
103
-
This is because, you are unable to use verified domain(s) across multiple workspaces, and you will encounter this error if you try adding a domain that is already verified in another workspace:
104
103
105
104
> warn ""
106
105
> **Warning**: This domain has already been claimed.
107
106
108
-
Once your admin has configured separate apps for each workspace in your IdP, the end-users can log in to the IdP and click on the relevant app (or tile) for the workspace you are trying to access (also referred as IdP-initiated SSO).
107
+
Once your admin has configured separate apps for each workspace in your IdP, the end-users can log in to the IdP and click on the relevant app for the workspace you are trying to access. This is also referred to as IdP-initiated SSO.
109
108
110
-
Limitations:
111
-
> note ""
112
-
> **Note**: As you are only able to verify the domain(s) in one of the workspaces, your users will only be able to log in to the workspace in which the domain has been verified when logging in via Segment’s Login page.
113
-
114
-
> note ""
115
-
> **Note**: Switching a workspace directly within Segment UI will not work, and the users will have to switch workspaces using IdP-initiated SSO.
109
+
Two limitations do exist when multiple workspaces are configured to SSO access:
110
+
- Users will only be able to log in to the domain-verified workspace on Segment’s login page.
111
+
- Users must switch workspaces using IdP-initiated SSO, as they are unable to switch directly using the Segment UI.
0 commit comments