Can you connect SSO/SCIM to multiple accounts
No, you can only connect to one production org
What IDPs do we support?
We fully support Okta, OneLogin, Azure AD, PingFederate, PingOne IDPs, and we have a lot more in beta.
When I complete the transition to SSO or User management, will my team be logged out and need to log in again (to web app and/ or Chrome)?
No account will be logged out. However, an email will be sent to prompt them to log in via SSO.
For an admin that just signed up with Spekit, will the integration within their IDP already be set up? (Can they log into Spekit right away through their IDP?)
After signing up, the admin has to connect their IDP for both SSO and SCIM, only then, users can log in.
When IDP first syncs with Spekit, what roles will new IDP users have in Spekit?
Currently through the IDP by default all users will come in as viewers, if they are not assigned a group then they will be defaulted to “All Spekit Users”
How does the SCIM/SSO connection work?
It will all happen in one flow: once a user is syncs their SSO they will be prompted to sync their SCIM account
What if my connection fails during the connection process?
There will be an error message pop-up that will prompt them to try again
If they close the page or their computer shuts down, their connection page will remain unchanged and they have to restart/resume the connection process
How does Login w/SSO work?
There are two ways to login w/SSO:
- One is through your IDP (Okta) where you can sign in and be directed to the Spekit dashboard
- Second, once an admin connects to their IDP, the user will be prompted to input their workplace name (created by their admin) so that they can be redirected to their IDP. Once redirected they will then login via IDP (if not already) and will be directed back to the Spekit dashboard.
Can we allow SSO companies to invite ppl to Spekit not via IDP?
Admins with an IDP can invite users to a Spekit account but not a Salesforce account
Once an admin connects their IDP, will the IDP create duplicate accounts?
No, we will do a 1-time manually link between IDP accounts and existing Spekit accounts (and Salesforce/Spekit accounts)
For new customers, how do we manage syncing Salesforce users and IDP users?
If/ when a new customer syncs salesforce, they will ONLY sync the metadata. User data will come from the IDP.
If a client has SSO with Okta, can they no longer login with Salesforce?
Existing users with Salesforce login enabled will still be able to login with Salesforce.
This is to avoid confusing and blocking existing users’ current flow
New users will not be able to connect Salesforce login/users, if they have IDP connected
How do IT teams/SSO admins configure us on their OKTA page and/or extension?
WorkOS provides documentation for this
How are Spekit Sandbox accounts identified?
Our system knows if a user is logged in with a Sandbox account, if they are, the button to “Connect with SSO/SCIM” will be disabled.
Will users stay logged in?
Yes, we will not log out users when connecting SSO/SCIM
What are the requirements when creating a unique domain?
Lowercase only and no more than 63 characters
No special characters allowed