Enable SSO in Your Account

Enabling single sign-on (SSO) for your domain within FeedOtter allows Users you manage using an identity provider to easily and securely log in to their accounts. This article is all about SSO and how to set it up in your account.

What is SSO?

Single sign-on (or SSO) is a way to manage your organization's users, allowing them to authenticate and log in to many different applications with just one set of credentials, rather than having to set up multiple usernames and passwords across different platforms. It allows you to manage your users in a single location at your identity provider and prevents potentially losing or forgetting FeedOtter login credentials, as those are stored through another service.

Setting up SAML/SSO

To complete the setup in FeedOtter, you must already have service with an identity provider (IdP) of your choice.

Note: Service Provider (FeedOtter) provisioning is not supported. Accounts should be created first in the IdP or FeedOtter, and then authenticated via the IdP prior to logging in to FeedOtter.

You'll need to be either the FeedOtter Account Owner or an Administrator to follow these steps. See User Roles and Permissions for more information there.

1. Head to Settings > Company Settings > Security, and toggle the Enable SAML option.

2. You'll need to add a FeedOtter application to your IdP. We have instructions for several of the more popular below, as well as using a generic identity provider. You can check out the instructions for each here:

• Enabling SSO with OneLogin as the Identity Provider

• Enabling SSO with Okta as the Identity Provider

• Enabling SSO with Azure AD as the Identity Provider

• Enabling SSO with a Generic Identity Provider

All of the details you need to create a new application with your IdP are found on the Settings > Company Settings > Security > SAML page:

3. After setting up FeedOtter as a new application, you will need to enter the endpoint URL that you receive from the IdP in the Single Sign-On URL field in FeedOtter. You will also need to grab the IdP public key so that you can digitally sign authentication assertions, the X.509 certificate. Upload it to FeedOtter using the Upload Certificate button.

4. Toggle the Force SAML Sign-in on if you prefer to have your Users and Administrators only log in to FeedOtter through this method. The Account Owner will always be able to log in using a password as well.

Creating end-user accounts

To add members, create accounts for them in your IdP. Then create accounts for them in FeedOtter.

FUTURE? The first time a new member logs in to FeedOtter via the IdP, a FeedOtter account will be created for them via automatic IdP provisioning. The user will have access to organization resources as an organization member.

​Removing accounts

Removing a member from the IdP will prevent the user from being able to sign in to the corresponding FeedOtter account, but will not remove the account from FeedOtter. We advise also removing the account from the FeedOtter organization.