Your users will be able to access the PhraseApp account, as long as they’re logged in to your organisation’s identity provider system.
Within your identity provider solution, you will be able to take control of the following rights:
- Manage who is able to access PhraseApp
- Update user details (first/last name)
Once SSO is enabled, you will still be able to manage all user roles within your PhraseApp account.
SAML SSO is available to all customers on Pro and Exclusive Plans.
How to set up SAML SSO?
In order to activate SAML SSO, you must be be logged in as the owner of that account.
Choose SSO in your account navigation.
Enable SSO and follow the setup steps below.
You can find the information that you need, in order to setup PhraseApp with your identity provider in the first part of the SSO settings.
Fill in the information from your identity provider in the second part of the SSO settings.
Auto Provisioning and Enforced SSO
Note that Auto Provisioning has to be enabled, in order to automatically set up a new PhraseApp account for users that don't have access to PhraseApp yet.
Those user accounts will initially have a translator role with limited rights but can be changed by a manager at any times.
When clicking the Enforce SSO box, a password based login won't be possible anymore.
Set up SSO in okta
Please note: Administrative access in your okta instance is required to set up SSO in okta . This process is only accessible within the Classic UI in okta.
To configure PhraseApp SSO with okta, do the following:
Log in to okta. Make sure that you are in the administrative instance of your okta developer account.
Open the applications settings
Create a new application
Update the SAML settings with the information provided in your PhraseApp SSO settings.
Finish the setup process and view the SAML 2.0 settings provided by okta
Copy and paste those settings provided by okta into your PhraseApp SSO settings.
Does multi-account login work between non-SSO accounts?
Yes. Switching between non-SSO accounts works.
Does multi-account login work between SSO and non-SSO accounts?
No. If you are a collaborator on multiple accounts, switching from or to accounts that are SSO-enabled will not be allowed for security reasons. To log into a non-SSO account, logout and login to your non-SSO account with your e-mail and password on phraseapp.com.
How to revoke a user’s access
Within PhraseApp you can remove the user so he/she will not be able to access any projects anymore. To revoke the access completely, you have to revoke the rights within your Identity Provider.