Search
⌃K
Links

Single Sign-On (SSO)

Overview

For Enterprise-tier customers, Copia supports Single Sign-on, which enables users in your organization to sign-in and sign-up with an external identity provider.
Copia supports the following SSO features:
  • Just-in-Time (JIT) provisioning for users in your organization's email domain.
  • The option to require usage of SSO for any user with an email in your organization's domain.
  • Support and setup guides for over 20 OIDC and SAML Identity Providers including Shibboleth, Okta, OneLogin, Google, and many more.
Please refer to the bottom of this topic for some frequently asked questions

Configuration

Navigate to your Dashboard and choose the Organization you want to manage.
Click on the teal Settings button to manage the settings for your Organization.
Select the Single Sign-on (SSO) section and click on the Configure SSO button.
Copia will detect the email domain of your Organization based on user information. If the detected domain is incorrect, please contact us for assistance.
Copia has partnered with WorkOS to provide a seamless SSO onboarding experience. You'll be redirected to the WorkOS admin portal, where you can walk through the process of setting up your Identity Provider step-by-step.
After you have finished setup, you will see information about your Identity Provider in Copia. By default, all users in the Organization will have to use the Identity Provider during sign in and sign up.
If you want to remove SSO settings from the Organization, click the Delete Identity Provider button in the Delete SSO section.
Be careful when deleting your Identity Provider. Copia does not collect a password for users who sign up with SSO, so some users in your organization may be unable to sign in until a new Identity Provider is added.

Usage

After configuring SSO, users will see a Sign in with SSO button on the Copia login screen. Clicking on this will allows them to sign in with SSO based on their email domain.

Just-in-Time (JIT) Provisioning

If your email domain has SSO setup, users in your domain who attempt to register for an account or sign in with SSO will be redirected to your Identity Provider to login. Upon successful login, an account will be created for them and they will be added to your organization.
It is still recommended to send users an email invite in order to set up their permissions in the app before they join. Users in your organization who receive an email invite will be redirected to SSO during account creation.

SSO FAQ

  • Does this feature support self-hosted systems?
    • There are different SSO options for self-hosted systems. Please contact Copia for more information.
  • Does Copia support SCIM provisioning?
    • We do not currently support SCIM provisioning but it is on our roadmap for future development.
  • Will this affect my already configured SAML SSO configuration?
    • No, Copia will continue to support your existing configuration, until you have the opportunity to migrate to the new offering.