Single sign-on
Learn how to set up SSO for your Attio workspace.
Single Sign-On (SSO) enables Enterprise workspaces to manage user access through their identity provider using SAML. This setup streamlines authentication by allowing users to log in with their existing company credentials, while giving admins centralized control over who can access Attio.
Enable Single Sign-On (SSO)
SSO (Single Sign-On) can be set up in Attio by a workspace admin following these steps:
1. Navigate to the Security page:
Click on your workspace name.
Select Workspace settings from the dropdown.
Click Security in the sidebar.
2. Verify your domains
Under Single Sign-On > Domain Verification, add and verify each of the domains you wish SAML to apply to.
For example, if you want attio.com to be protected by your SAML provider (such as Okta), you must verify attio.com using our DNS challenge method.
3. Enable SAML
Once your domain(s) are verified, click Enable SAML. This will reveal the SAML configuration options.
4. Configure your IdP (Identity Provider)
To set up SAML within your IdP, you will need to create a new app for Attio. As part of this setup, the IdP will typically ask for several URLs. These may be labeled differently depending on the provider, but often include:
Entity ID or Identifier
Reply URL
Assertion Consumer Service (ACS) URL
For all of these fields, use the following format: https://app.attio.com/{workspace.slug}/saml_login
Replace {workspace.slug} with your actual workspace slug. For example, if your workspace slug is acme, the URL would be: https://app.attio.com/acme/saml_login.
5. Complete the SAML configuration in Attio
Back in Attio, set the Identity Provider Sign-in URL and upload your IdP’s certificate.
You can then retrieve your unique SAML SP URL for use with IdP-initiated flows directly from the SAML settings panel.
You'll need to ensure that the NameID is the email address of the user, as this is how Attio matches the account to the SAML token.
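The following added example (not Attio's code) lints a decoded test SAML response from your IdP against the two requirements above: the Entity ID and ACS/Reply URL use the `saml_login` format, and the NameID is an email address. The function names and the sample XML are constructed for illustration, and the mapping of Entity ID to `Audience` and ACS URL to `Destination`/`Recipient` is standard SAML 2.0 rather than something stated on this page.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed, unsigned sample of a decoded SAML response (not real IdP output).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>{name_id}</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def expected_url(slug):
    # Format this page gives for Entity ID, Reply URL and ACS URL.
    return f"https://app.attio.com/{slug}/saml_login"


def lint_saml_response(xml_text, slug):
    """List configuration problems in a test response; does not verify signatures."""
    url = expected_url(slug)
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != url:  # ACS / Reply URL as the IdP sends it
        problems.append("Destination does not match the ACS URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != url:
        problems.append("Recipient does not match the ACS URL")
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if url not in audiences:  # Entity ID / Identifier
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not EMAIL_RE.match(value):  # Attio matches accounts on NameID = email
        problems.append(f"NameID {value!r} is not an email address")
    return problems


if __name__ == "__main__":
    acs = expected_url("acme")
    print(lint_saml_response(SAMPLE.format(acs=acs, audience=acs, name_id="jdoe"), "acme"))
```

Run it against a response captured from your IdP's own test or preview feature; an empty list means the URL fields and NameID line up with what this page requires.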