Single Sign-On (SSO)
Pro can connect TASKBASE to an organization’s identity provider using SAML or OIDC. A workspace owner or administrator configures SSO.
Configuration flow
- Open SSO in workspace settings.
- Choose SAML or OIDC.
- Register the service-provider information shown by TASKBASE in the identity provider.
- Enter the identity-provider information into TASKBASE.
- Configure allowed domains, automatic provisioning, and SSO enforcement as needed.
- Test with a non-administrator account before enforcing SSO.
URLs, identifiers, certificates, and client values may be unique to the workspace. Always use the values shown in your settings instead of values copied from another environment.
Prevent lockout
- Keep more than one workspace owner.
- Prepare a test user in the identity provider.
- Confirm email addresses and allowed domains.
- Track certificate and client-secret expiration.
- Test normal sign-in and permissions before enforcing SSO.
- Maintain an internal emergency contact and recovery procedure.
If sign-in fails after a change, contact another owner who can change enforcement or your support contact. Never send certificates, client secrets, or passwords in ordinary chat or email.
Last updated on