What is SSO?
Single Sign-On (SSO) allows users to securely access multiple systems using one set of login credentials.
Benefits of SSO
Convenience: Employees only need one set of login details, reducing password fatigue and IT support requests.
Security: Enforce MFA and other safeguards via your Identity Provider (IdP). SSO is also commonly required for security certifications and compliance.
Which plans support SSO?
SSO is available on Pro, Premium, and Platinum plans only.
What protocols are supported?
Dashpivot supports:
OIDC
SAML 2.0
We support common Identity Providers (IdPs) such as Microsoft Azure AD and Okta.
Which users are affected?
When configuring SSO, you specify which email domain(s) it applies to.
All users whose email addresses match those domains will be required to log in via SSO across the Sitemate product suite, including Dashpivot and Flowsite workspaces.
How to set up SSO
SSO is configured manually with our team.
To begin setup, contact us via Live Chat or email. The process typically takes less than 30 minutes with your IT administrator.
During setup:
Your IT admin creates an application in your IdP.
URLs, certificates, or client secrets are exchanged.
The SSO connection is temporarily enabled to verify functionality.
A user with permission to configure applications in your organisation’s IdP must attend the session.
User provisioning
Automatic user provisioning via your IdP is not supported.
You must:
Add users to the appropriate folders in Dashpivot and assign permissions.
Provision those same users inside your IdP so they can authenticate successfully.
If a user is not provisioned in your IdP, they will be blocked from accessing Dashpivot.
IdP-initiated login
IdP-initiated login is not supported, as it is considered less secure than Service Provider-initiated login.
Rolling out SSO to your team
Once configured, SSO must be enabled.
When enabled:
All affected users will be automatically logged out.
Any unsaved work will be lost.
Users must log back in via your IdP.
We strongly recommend enabling SSO outside business hours to minimise disruption.
Communicate the rollout to your team in advance. Example message:
Hi team,
We are launching Single Sign-On (SSO) on [date and time].
At this time, you will be automatically logged out of Dashpivot on all devices.You will then log in using your company Microsoft account.
This applies to both the Dashpivot website and mobile app.
Please save your work before this time, as any unsaved progress will be lost.
If you have trouble logging in, please contact [IT admin name].
Additional notes
Users log in via the normal Sitemate login page and are redirected to your IdP after entering their email.
If SSO is not enabled for a domain, users can log in with a password as usual.
SSO support requires Dashpivot app version 23.3 or later.
Users on version 20.7+ will be forced to update.
Older versions must be manually updated.
How does SSO affect Visitor Users?
Visitor users are not affected by SSO, as SSO applies only to your organisation’s email domains.
To enable SSO for visitors:
Issue guest accounts via your IdP using your company domain (counts as internal users).
Or, if the visitor company uses Dashpivot, they can enable SSO on their side.
We recommend regularly reviewing and removing unnecessary visitor access.
How SSO affects Sitemate app users
SSO does not affect users of the Sitemate app, as they do not log directly into Dashpivot.
Password resets with SSO
When SSO is enabled:
Password reset/change is not available in Dashpivot.
Passwords must be managed through your organisation’s IdP.
Users should contact their IT administrator for assistance.
Turning off SSO
SSO can be disabled or modified by contacting our team.
When SSO is turned off:
All affected users must reset their Dashpivot password via the login page.
Previous passwords will not work.
If you have questions about SSO, contact our team via Live Chat.