Edit

Enforcing Single Sign-On (SSO)

Enforcing Single Sign-On (SSO) guarantees that every team member authenticates through your identity provider (IdP), enhancing security and simplifying password policies. Administrators can enable or selectively override SSO as needed.

Enforce SSO for All Users

  1. Open My Account.

  2. In SSO Configuration, tick Disable login with AutoRABIT credentials.

  3. Click Save.

From now on, all users must log in via SSO. Org Administrators can still sign in with either SSO or their AutoRABIT username/password—useful for IdP outages.

Override SSO for Specific Users

An Org Admin can exempt individuals (e.g., contractors) from SSO without disabling it globally.

  1. Go to Admin › Users.

  2. Select the user(s) you want to exempt.

  3. Untick the Enforce SSO checkbox next to their names.

  4. Click Save.

Unchecking Enforce SSO for selected users

  • Enabling Disable login with AutoRABIT credentials auto-checks Enforce SSO for every user.

  • You can override on a per-user basis at any time.

FAQ

Does AutoRABIT support login IP restrictions?

Yes! Login IPs can be restricted via SSO irrespective of how you are hosted (shared or dedicated tenant). These restrictions can be enforced via SSO using various providers.

Here is documentation from Okta on how to set up network zones that restrict access to registered apps: https://help.okta.com/oie/en-us/content/topics/security/network/network-zones.htm.

Likewise, here's one from Microsoft Entra SSO: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-assignment-network.

PreviousDelegating Approvals to Another UserNextSalesforce API Version

Last updated

Was this helpful?