Overview

Single Sign-On (SSO) allows your organization to manage user authentication through your existing identity provider. This setup improves security posture by enforcing consistent login policies across tools, while also making user provisioning and changes more straightforward. With SSO in place, teams can control access at scale, reduce operational overhead, and meet compliance standards required in enterprise environments. It’s also a key building block for Role-Based Access Control (RBAC) and auditability.

Key Benefits

  • Security and Compliance - Enforce your organization’s authentication policies, including multi-factor authentication and password requirements
  • Centralized User Management - Manage user access through your identity provider instead of separate env zero accounts
  • Automated Provisioning - Users are automatically provisioned with appropriate roles when they sign in through SSO
  • Audit Trail - Authentication events are logged in your identity provider for compliance reporting

What’s New: Self-Service Configuration

You can now configure SSO directly from the env zero interface without contacting support. This means:
  • Immediate setup - Configure SSO during your initial onboarding without waiting for support tickets
  • Full control - Update SSO settings, domain mappings, and role configurations on your own schedule
  • No dependencies - Make changes without coordination or back-and-forth with support teams
Previously, SSO configuration required submitting a support request. With self-service SSO, you have complete control over your authentication setup directly in the UI.

Supported Authentication Methods

env zero supports two authentication methods:
  • Azure Active Directory (Microsoft Entra ID) - OAuth-based authentication for organizations using Microsoft identity services
  • SAML 2.0 - Standard protocol compatible with any SAML identity provider (Okta, OneLogin, JumpCloud, and others)

Prerequisites

The Edit Organization Settings permission is required to configure SSO for your organization.

Accessing SSO Configuration

  1. Navigate to Organization Settings - Go to your organization settings.
  2. Open SSO Tab - Click on the SSO tab.

SSO Connection Types

Your organization can have one SSO connection configured at a time. You can choose between:
  • Azure Active Directory - OAuth-based authentication with Microsoft Entra ID
  • SAML - SAML 2.0 authentication with any SAML-compatible identity provider
[Screenshot: SSO connection configuration interface showing options to create Azure AD or SAML connection]

Configuring SSO

  1. Select Connection Type - Click on Azure AD or SAML to create a new connection, or click on an existing connection to edit it.
  2. Complete Configuration Form - Fill out the self-service form with the required information. The form includes two steps:
       • Single Sign-On - Configure the SSO application settings
       • Domain Configuration - Set up domain and property mappings
  3. Configure SSO Application - Set up the SSO application in your identity provider as expected and configure the necessary property mappings.
[Screenshot: Self-service SSO configuration form showing Single Sign-On and Domain Configuration steps]

Setup Guides

Advanced Configuration

Switching SSO Types: If you’d like to switch between SAML and Azure AD (or vice versa), please contact us at [email protected].
For advanced configuration options including team filtering and admin role assignment, see Sync Roles & Groups From Your IdP.

Editing an Existing Connection

To edit an existing SSO connection, navigate to Organization Settings > SSO tab and click on the configured connection.
[Screenshot: SSO connection configuration interface showing existing connection that can be edited]