Estimated reading time: 4 minutes
Centralized login systems are often considered a best practice in order to increase security and simplify Enterprise user management. For more information on SSO and how it works, click here to read a detailed article from our partners at Auth0.
Enabling Enterprise Single Sign-On at Pipefy
Some companies have, according to their Pipefy plan tier, the option of enabling Single Sign-On for all their Pipefy users. This process is offered on a pre-defined, mutually agreeable schedule and requires a few steps from Pipefy's team as well as from the customer IT team.
The company should be on a specific Enterprise plan tier in order to request and schedule the SSO setup. If you're not sure if your company's plan tier is compatible, please access https://app.pipefy.com/billing or check with your Customer Success Manager.
Create a request to Pipefy's technical support team using this link that specifies some key details we need to properly define your implementation: http://app.pipefy.com/public/form/ixBFZ-Sh
Receive confirmation from the technical support team and integration instructions. This initial review might take up to 15 business days and it may require further details from or discussions with your IT team before proceeding to schedule the cutover date to deploy your SSO framework.
Our team is going to set up a custom subdomain for logins from your company. This step may take up to 7 business days.
Please note that the ability to support any particular authentication framework is a shared responsibility between Pipefy and our partner Auth0, and in some special cases we may not be able to support certain 'out of the box' settings.
Using Enterprise Single Sign-On
To start using the Enterprise Single Sign-On, after it's set up following the steps above, end-users must access the specific URL shared with your company to log on to Pipefy (if you were a Pipefy user before your company migrated to SSO, your previous login methods will not work any longer and you must use the specific URL provided).
If you don't have your company's custom URL, please verify with your internal IT team or open a support ticket for our team. We will never ask for your password or share your credentials with anyone outside your company in this process.
Creating new companies (switch companies) under Enterprise SSO
Every company using Enterprise SSO needs to be set up under the Enterprise plan manually. We recommend that Enterprise SSO admins should open a support ticket in case they want to add a new company to their Enterprise Accounts.
Support flow for Enterprise Single Sign-On users
In order to solve certain kinds of support needs (for example, data-specific issues and/or investigations involving cases that we cannot replicate without direct access to your company's instance of Pipefy), our team may need you to provide "vendor" user accounts in your identity-management framework so that our staff supporting your needs in order to troubleshoot with you.
The ability to troubleshoot those types of issues might be limited unacceptably if this isn't a possibility for your company.
Authentication x Authorization
We currently offer two types of SSO connections: Azure Native (non-SAML) and SAML. The first, Azure Native (non-SAML), offers authentication and authorization options, making it possible to automatically provision users within the platform. Learn more.
The second (SAML) only offers an authentication option, that is, the user can log in, but if he has not been invited to the organization, nothing will be shown. In this case, user access control continues to be done within the platform.