What is Single Sign-On (SSO)?

Single Sign-On Authentication (or SSO Authentication) allows you to log in to multiple applications or Service Providers (SP) using a single set of credentials. Once SSO is configured for you, the SP will route you to your Identity Provider (IdP) to enter your credentials. Once you have has entered valid credentials, the IdP will send a message back to Coachello telling you that your credentials are valid and that you should be allowed access to your Coachello instance.

What are the benefits of SSO?

You only need to remember one set of credentials in order to access Coachello. This provides an improved user experience as you do not need to remember multiple passwords.

Coachello is not responsible for managing the identity of the user. Since the credentials are stored with the customer, there is no risk that user credentials can be stolen from Coachello.

Identity Providers can add additional layers of security before allowing access to Coachello. One common additional layer is Multi-Factor Authentication (MFA) where you must have physical access to your phone as a secondary factor to ensure your identity.

Which Coachello plans support SSO?

Enterprise and Business customers have access to SSO.

Enterprise customers have the ability to configure SSO on their own using the Company Dashboard. Documentation on configuring SAML 2.0 can be found here. Business Customers currently need the support of Coachello resources to configure SSO and should either submit a ticket with Support. Teams+ Customers do not have the ability to configure SSO.

Can I turn SSO on for only some users and not for all of them?

No - all users in your company with your organization’s email domains will have to use SSO if you enable it. You cannot enable it for some users and not for others.

Can users still use a password after turning on SSO?

No - once SSO is enabled, all users will have to use their Single-Sign on credentials. There won’t be an option for any user to use their password instead. The only way to go back to using a password is if they disable SSO for the company (all users).

Can we turn off SSO? What will happen?

Yes, customer support staff can disable the configuration at any time. All users will go back to logging in with their email and a password. Even if you are on Enterprise (have a company admin and set up SSO on their own) you will not have access to disable it. Only someone from Coachello can turn it off. We can only turn it off if the request comes from the company/workspace/identity provider admin. Please reach out to the Support team if you would like to turn it off.

Do users that don't have an account yet need to create one still?

Technically, no, you do not need to create an account. When you log in to Coachello, your account will automatically get created using your SSO credentials (as long as you’ve been added to the active directory in the identity provider). However, you will still need an invitation to access the company’s workspace in Coachello.

Does the SSO Integration support IDP-Initiated flow? Or can I add Coachello to our IDP apps directory?

Yes, the integration supports IDP-initiated flow. We need to provide you with a relay state value to add to your configuration and that will allow you to be able to access Coachello via your app in the identity provider when SSO is enabled.

Is there any way for SSO to allow users to be directly added to the workspace?

No, you will still need an invitation to the workspace from Coachello to be able to access it. However, if you are part of an Enterprise plan, you do have an option in company settings to set a default workspace for your users to join when you first join Coachello. This would have you join that default workspace automatically when you join and would only need an invitation if you need access to another workspace (or any specific content within the default workspace).

Do you support security groups?

No, we currently do not support security groups.

How will SSO log-in differ on the IOS or windows app vs. the browser?

SSO login will not be any different on the browser vs. the Windows or IOS application.

Does Coachello support SCIM provisioning?

Yes, we support SCIM provisioning for enterprise customers. Please click here for more information.