Integrations 4 min read

Single Sign-On (SSO)

Single Sign-On (SSO) lets your team sign in to OKRs Tool using your existing identity provider — no separate passwords required.

Supported providers

OKRs Tool supports SSO via SAML 2.0. This includes providers such as Okta, Microsoft Entra ID (Azure AD), Google Workspace, and most enterprise identity platforms.

Setting up SSO

Go to Settings → Security

Navigate to Settings → Security and find the SSO section.

Enter your IdP details

Paste your Identity Provider SSO URL and X.509 certificate from your provider's admin console.

Configure your IdP

In your identity provider, create a new SAML application and enter the OKRs Tool ACS URL and Entity ID shown in the SSO settings screen.

Test the connection

Click Test SSO to verify the configuration works before enforcing it.

Enforce SSO (optional)

Once tested, toggle Enforce SSO to require all members to sign in via your identity provider. Members who try to sign in with email and password will be redirected to your IdP.

Before enforcing SSO

Make sure all members have accounts in your identity provider before enforcing SSO. Members without IdP accounts will be locked out.

SCIM provisioning

OKRs Tool supports SCIM 2.0 for automatic user provisioning and deprovisioning. When a member is added or removed in your IdP, OKRs Tool updates automatically. Contact support to enable SCIM for your workspace.