Guides

Single sign-on

Suggest Edits

Overview

Palisade supports Single Sign-On (SSO) using a third-party login.

SSO allows organization employees to use their existing third-party platform login details (for example, via Google, Okta, PingFederate etc.) to login to Palisade, rather than a separate Palisade-specific username and password. This can greatly simplify the login process for customers.

When to use SSO with Palisade:

  • You are confident in your existing security posture and SSO configuration
  • You want to keep sign-in controls consistent across your organization

When NOT to use SSO with Palisade:

  • You want to segregate both authentication and authorization from your organization's single sign-on
  • You are not confident that your organization's SSO controls are strong enough to also protect your access to Palisade

Important: Once you switch to using SSO with Palisade, it is your responsibility to secure your SSO access and ensure you have adequate governance controls in place that prevent unauthorized access to Palisade.

Configure SSO for your organization

📘

You must have administrator access (or equivalent) on your existing authentication platform, and administrator access in Palisade to carry out the following steps.

  1. Navigate to the ‘Settings’ section of the Palisade console and click on ‘Security’
  2. Username/password will be displayed as the default authentication method. Click ‘Add new method’.
  3. Click ‘Create connection’ --> ‘Get Started’ and then select your third-party platform
  4. Follow the setup wizard to connect your SSO platform to Palisade
  5. Once complete, the new authentication method will be displayed in the ‘authentication methods’ table.

🚧

Set the new authentication method to be the default method by clicking on the three dots in the ‘actions’ column. This is very important as once a user has been invited to Palisade, it is not possible to change the authentication method they use.

  1. Invite users as normal to Palisade using their existing SSO email address
  2. The user can then accept their invite as normal and login to Palisade by clicking ‘Continue with SSO’

If you would like the authentication method to vary depending on which user you are inviting to Palisade, simply change the default authentication method to your desired method before sending the invite.

Updated 3 days ago