SSO Access Control
In the Spot console, you can enable single sign-on (SSO) for your organization.
Identity Providers
You can use these identity providers with Spot:
Set Up SAML SSO in the Console
-
In the Spot console, click the user icon
> Settings. -
Click Security > Identity Providers.
-
Enter the:
- Relay state: this is the Organization ID. It's used as the relay state configuration for the identity provider (used in IDP-initiated SSO).
- Provider type: currently, the only supported standard is security assertion markup language (SAML).
- Metadata: this is the data provided by the identity provider to sync the settings properly.
- User Default Organization Role: this is the role given to users who sign in using the Identity Provider (Viewer/Editor). Roles can be defined only by organization or by account, not both.
- User Allowed Accounts: the accounts the user has access to (Default Account or All Accounts).
View image
Organization and Role Selection
If you want to define different user roles per account, you can choose the organization and role the user signs in with when signing in with SSO.
Configure the IDP to create a SAML response with the parameter OrgAndRole. When this is defined, the user must select an organization and role when signing in.