Single sign-on

Learn how to set up SSO for your Attio workspace.

Single Sign-On (SSO) enables Enterprise workspaces to manage user access through their identity provider using SAML. This setup streamlines authentication by allowing users to log in with their existing company credentials, while giving admins centralized control over who can access Attio.

Enable Single Sign-On (SSO)

A workspace admin can set up SSO in Attio by following these steps:

  1. Verify your domains
    From the Security panel in your Workspace settings, verify each of the domains you wish SAML to apply to.
    For example, if you want attio.com to be protected by your SAML provider (such as Okta), you must verify attio.com using our DNS challenge method.

  2. Enable SAML
    Once your domain(s) are verified, click Enable SAML. This will reveal the SAML configuration options.

  3. Configure your IdP (Identity Provider)
    To set up SAML within your IdP, you will need to create a new app for Attio. As part of this setup, the IdP will typically ask for several URLs. These may be labeled differently depending on the provider, but often include:

    • Entity ID or Identifier

    • Reply URL

    • Assertion Consumer Service (ACS) URL

    For all of these fields, use the following format: https://app.attio.com/{workspace.slug}/saml_login

    Replace {workspace.slug} with your actual workspace slug. For example, if your workspace slug is acme, the URL would be:

    https://app.attio.com/acme/saml_login

  4. Complete the SAML configuration in Attio
    Back in Attio, upload your IdP’s certificate and set the IdP Sign In URL.
    You can then retrieve your unique SAML SP URL for use with IdP-initiated flows directly from the SAML settings panel.

You'll need to ensure that the NameID is the email address of the user, as this is how Attio matches the account to the SAML token.
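
Before rolling SSO out, an admin can sanity-check a decoded test response from the IdP against the values described above. The following is an added example, not Attio's own code: the function names, the sample XML and the acme.example domain are constructed for illustration, and the rule that the NameID domain must be one of your verified domains is an assumption drawn from step 1.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")

# Constructed sample: a decoded test response with signature elements omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.attio.com/acme/saml_login">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>jane.doe@acme.example</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://app.attio.com/acme/saml_login"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://app.attio.com/acme/saml_login</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def expected_sp_url(slug):
    # Format given in step 3; the same value goes in every URL field.
    return f"https://app.attio.com/{slug}/saml_login"


def check_response(xml_text, slug, verified_domains):
    """Return a list of configuration problems; empty means the values line up.
    Checks field values only, not the signature. Parse only your own test capture."""
    want = expected_sp_url(slug)
    root = ET.fromstring(xml_text)
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    fields = {
        "Destination": root.get("Destination"),
        "Recipient": conf.get("Recipient") if conf is not None else None,
        "Audience": root.findtext(".//saml:Audience", namespaces=NS),
    }
    problems = [f"{k} is {v!r}, expected {want!r}" for k, v in fields.items() if v != want]
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    match = EMAIL_RE.match(name_id)
    if not match:
        problems.append(f"NameID {name_id!r} is not an email address")
    elif match.group(1).lower() not in verified_domains:  # assumption: see lead-in
        problems.append(f"NameID domain {match.group(1)!r} is not a verified domain")
    return problems
```

An empty list means the URL fields and NameID match what Attio expects; a username-style NameID or a stray character in a pasted URL shows up as a named problem.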
