Single Sign-On (SSO) using Security Assertion Markup Language (SAML) allows users to access Vev through their organization's Identity Provider (IdP), offering enhanced security and a seamless login experience. Vev’s SSO integration is powered by Google Cloud Platform (GCP) Identity Platform, ensuring enterprise-grade security and scalability.
This feature is only available for accounts on the Organization plan. Interested in the feature? Talk to sales.
How SAML SSO Works
When SAML SSO is configured for your account, the login process follows these steps:
A user attempts to log in to Vev.
Vev sends a SAML request to the Identity Provider (IdP) associated with the user’s organization.
The IdP verifies the user’s credentials and sends a response back to Vev.
Vev processes the response and grants the user access to their account.
Configuring SAML SSO
Identity providers (IdP)
Use any identity provider of your choice. Below are the most popular identity provider platforms:
Okta
Azure AD by Microsoft
OneLogin
ADFS by Microsoft
Auth0
Google SSO
JumpCloud SSO
How to configure your IdP
You’ll need to configure your Identity Provider (IdP) with the correct settings to establish a secure SSO connection with Vev.
Go to your Identity Provider's configuration section
Navigate to your IdP's configuration area and follow their instructions to set up single sign-on. Each IdP has its own setup process, so refer to their specific documentation if needed.
Add the following metadata
Use the metadata settings below when configuring your IdP. We recommend skipping any optional fields and leaving any default values as they are:
Protocol | SAML 2.0 |
Service URL (SP-initiated URL) |
|
Assertion Consumer Service URL |
|
Entity ID (also known as Identifier, Relying Party Trust Identifier) |
(this will be found in your configuration modal in Vev) |
Required Attribute Names |
|
NameID Format |
|
Depending on your IdP, you may need to provide additional details or adjust settings based on these specifications. Reach out to support if you need any assistance in this process.
Enabling SAML SSO in Vev
To enable and configure SAML SSO in Vev, follow these steps:
Navigate to Account Settings.
Select the Security tab from the menu.
Click Set up on the identity provider of your choice:
Okta Authentication
Custom SAML Provider. The custom SAML provider option is a generic authentication provider for SAML2-based systems, allowing you to manually configure any SAML2-enabled IdP.
You can register your IdP with Vev using one of the following methods:
Using Metadata URL
If your IdP provides a Metadata URL, simply enter it in the provided field. Vev will automatically retrieve all the necessary metadata from the URL.
Using Provider XML
If you have the IdP’s generated metadata file, copy its contents and paste them into the designated text field in Vev. This method allows Vev to configure the necessary settings based on the provided XML data.
Using Provider Data
For a more manual setup, you can enter the required data fields from your IdP directly into Vev. This method involves matching up specific values such as Entity ID, Single Sign-On URL, and x509 Certificate, which can typically be found in the IdP’s metadata file.
Finalizing the Setup
After configuring your settings:
Enforce SSO Login: To require all users to sign in using Single Sign-On (SSO), make sure the "Require SSO" option is checked. This setting ensures that personal login credentials will no longer work, and users must use the SSO provider the next time they log in. No action is needed from users to enable this on their accounts.
Optional SSO Adoption: If you choose not to enforce SSO immediately, users will need to manually enable the SAML SSO login method in their profile settings. Existing users will have three months to switch to SSO login and will receive in-app notifications to complete this process.
Logging in via SSO
When users log in to Vev, they can click the "Log in using SSO" (/sso) link on the login page to access the SSO login directly. If they try to log in on the initial login page, users will be redirected to /sso, and their authentication provider will open automatically. After users enter their email, Vev will recognize the associated login provider and initiate the authentication process accordingly.
Important Considerations
One SSO Provider Per Account: Only one SSO provider can be enabled per account. Configuring a new provider will overwrite the previous one.
SSO Requirement: Once SSO is enabled, all users must use it to access their accounts. Previous credentials will no longer work.