Skip to main content

Single Sign-On (SAML) for Organization Accounts in Vev

Enable secure, centralized access to Vev using your organization's identity provider.

Iselin Ekornes avatar
Written by Iselin Ekornes
Updated this week

What is SAML Single Sign-On (SSO)?

Single Sign-On (SSO) using Security Assertion Markup Language (SAML) allows users to log in to Vev using their existing credentials from their organization's identity provider (IdP), such as Okta or Azure AD.

This integration provides:

  • Enhanced Security: Centralized control over user access and credentials.

  • Streamlined Access: A seamless login experience without separate passwords for Vev.

  • Enterprise-Grade Infrastructure: Powered by Google Cloud Platform (GCP) Identity Platform.

This feature is only available for accounts on the Organization plan. Interested in the feature? Talk to sales.

How SAML SSO Works

The SAML login process involves a secure exchange of information between Vev and your identity provider.

  1. A user navigates to the Vev login page.

  2. Vev generates a SAML request and redirects the user to your organization's Identity Provider (IdP).

  3. The IdP authenticates the user (e.g., by asking for a username and password).

  4. Upon successful authentication, the IdP sends a SAML response back to Vev.

  5. Vev verifies the response and grants the user access to their account.

How to Configure SAML SSO

Configuration is a two-part process: setting up your Identity Provider (IdP) and then enabling the connection within Vev.

Part 1: Configure Your Identity Provider (IdP)

Vev is compatible with any SAML 2.0-compliant identity provider. Popular options include:

  • OKTA

  • Azure AD (Microsoft)

  • OneLogin

  • ADFS (Microsoft)

  • Auth0

  • Google SSO

  • JumpCloud SSO

Required IdP Configuration Settings

When setting up a new SAML application in your IdP, you will need the following information from Vev. We recommend using default values for any optional fields.

Setting Name

Value to Use in Your IdP

Protocol

SAML 2.0

Single Sign-On URL
(Also: Reply URL, SSO Login URL)

https://editor.vev.design/sso

Assertion Consumer Service URL
(Also: ACS URL, Callback URL)

https://editor.vev.design/__/auth/handler

Entity ID
(Also: Identifier, Audience URI)

saml.x + [Your Vev Account Key]
​(You will find this in the Vev setup modal)

Required Attribute

email

NameID Format

email

Depending on your specific IdP, the exact naming of these fields may vary. Refer to your IdP's documentation for guidance.

Part 2: Enable SAML SSO in Vev

After configuring your IdP, complete the setup in Vev.

  1. Navigate to Security Settings:

    • Go to Account Settings.

    • Select the Security tab from the left-hand menu.

  2. Choose Your Provider:

    • Click Set up next to either a pre-configured provider (like Okta) or Custom SAML Provider for a generic SAML 2.0 setup.

  3. Register Your IdP:
    You can connect your IdP using one of three methods. Choose the one that best fits your workflow.

Using Metadata URL (Recommended):

  • If your IdP provides a Metadata URL, paste it into the field provided.

  • Vev will automatically retrieve all necessary configuration data.

Using Provider XML:

  • If you have a downloaded metadata XML file from your IdP, copy and paste the entire contents into the designated text field in Vev.

Using Provider Data (Manual):

  • Manually enter the required values (Entity ID, Single Sign-On URL, x509 Certificate) into the corresponding fields in Vev. You can typically find these in your IdP's metadata file.

Finalize the Setup:

  • Enforce SSO Login: To require all users to log in exclusively via SSO, ensure the "Require SSO" checkbox is selected. This will disable personal login credentials.

  • Optional SSO Adoption: If you do not enforce SSO immediately, existing users will have a three-month grace period to manually enable SAML login in their profile settings. They will receive in-app notifications to guide them.

  • Optional SSO Adoption: If you do not enforce SSO immediately, existing users will have a three-month grace period to manually enable SAML login in their profile settings. They will receive in-app notifications to guide them.

Logging In Via SAML SSO

Once SAML SSO is enabled, users can log in through two primary methods:

  • Direct SSO Link: Navigate directly to https://editor.vev.design/sso.

  • Standard Login Page: Go to the main Vev login page, enter your email address, and you will be automatically redirected to your organization's SSO portal.

Important Considerations

Before and after enabling SAML SSO, please keep the following in mind:

  • One Provider Per Account: You can only have one active SSO provider per Vev account. Configuring a new provider will overwrite the existing one.

  • Enforcement: Once you enable the "Require SSO" option, all users must log in through the designated identity provider. Previous email/password credentials will no longer work.

  • User Transition: If SSO is not enforced, existing users must manually switch to the SAML login method in their profile settings. They will be prompted to do so via in-app notifications.

Related Articles
Setting up Standard Hosting in Vev
Vev Essentials
Two-Factor Authentication (2FA) in Vev
Managing Your Vev Account
Authentication for Published Pages
Did this answer your question?