Tighten up and simplify your Stitch account’s security with the Single Sign-on (SSO) feature.

In this guide:


Single Sign-on (SSO) basics

What is Single Sign-on?

From Wikipedia:

Single Sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

SSO allows you to securely grant members of your team access to Stitch by internally managing their credentials through the Identity Provider (IdP) of your choice.

How does SSO work in Stitch?

When SSO is enabled in Stitch, non-Administrator users must sign into Stitch using your organization’s Identity Provider (IdP).

Additionally, when SSO is enabled:

  • Upon initial enablement, all pending team member invitations are invalidated
  • Upon initial enablement, all existing team members in the account receive an email notification
  • Only Administrator users are able to update their email addresses and passwords, or add, deactivate, or reactivate other team members
  • Team members access must be managed in your IdP

What Identity Providers (IdP) are supported by Stitch?

Stitch currently supports the following Identity Providers (IdP):

Who can enable SSO?

SSO can be enabled by any team member of a Stitch account with an Administrator role. The team member who initially enables SSO becomes an Administrator user. To request that other users are added or removed as Administrators, the Administrator should contact support.

Who can modify the SSO configuration?

Only Administrator users can modify an existing SSO configuration. This includes modifying any settings, disabling SSO, or reenabling SSO.

How is team member access to Stitch managed?

When SSO is enabled, team member access must be managed in your IdP. If your colleague requires access to Stitch, a user with the required permissions in your IdP must grant them access through the IdP. This is also applicable if a team member no longer requires access to Stitch.

Note: Team members removed from your IdP will still display in the Team members section of the Account Settings page, even though they no longer have access to Stitch. To clean up the list, click Deactivate to remove them.

How can I access Stitch if my Identity Provider experiences downtime?

If SSO is enabled and your IdP is experiencing downtime, only Administrator users will be able to access Stitch. These users can sign into Stitch using their password, ensuring a member of your team will always have access even if your Identity Provider is down.

What happens when SSO is disabled in Stitch?

Only an Administrator can disable SSO in Stitch. When SSO is disabled, the following occurs:

  • All team members in the account receive an email notifying them that SSO has been disabled
  • All team members in the account receive a password reset email
  • Team members must sign in using Stitch credentials
  • Team members may be invited or removed directly in Stitch

Note: This is also applicable when switching to a different IdP, as switching IdPs requires disabling the current SSO configuration.


Enabling SSO

To enable SSO in your Stitch account:

  1. Click User menu (your icon) > Manage Account Settings.
  2. Scroll down to the Single Sign-on section and click Enable SSO.

  3. Select your IdP from the SSO Provider menu.
  4. Click Continue.
  5. The configuration page for your IdP will display.
  6. Follow the guide for your IdP to complete the setup. Click here for links to the guides.

Modifying SSO settings

  1. Click User menu (your icon) > Manage Account Settings.
  2. Scroll down to the Single Sign-on section.
  3. Click Edit. The SSO Settings page will display.
  4. Make your changes, clicking Save and Update when finished.

Disabling SSO

  1. Click User menu (your icon) > Manage Account Settings.
  2. Scroll down to the Single Sign-on section.
  3. Click Edit. The SSO Settings page will display.
  4. In the Disable SSO section, click Disable SSO.
  5. When prompted to confirm, click Disable SSO to continue.

A Success! message will display in the Account Settings page if the configuration is disabled successfully. After SSO is disabled, team members in the account will receive an email notification and a password reset email.


Switching to a different IdP

As Stitch allows only one SSO configuration at a time, you’ll need to disable the current configuration and then enable SSO again to switch to a different IdP.

  1. Disable the current SSO configuration.
  2. Re-enable SSO, following the guide for your IdP to complete the setup. Click here for links to the guides.


Questions? Feedback?

Did this article help? If you have questions or feedback, feel free to submit a pull request with your suggestions, open an issue on GitHub, or reach out to us.