Getting started with Single Sign-On in Spekit? This guide covers what SSO is, key terminology you need to know, and how to complete the initial SSO/SCIM configuration in your Spekit account.
📌 Quick-Jump Topics
Understanding Single Sign-On (SSO)
What is Single Sign-On?
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services using a single set of login credentials, such as a username and password. SSO simplifies the user experience by eliminating the need to remember multiple passwords and streamlines the login process.
SSO/SCIM Terminology
What key terms should I know before setting up SSO?
Before connecting your Spekit account with SSO, familiarize yourself with the following core terms:
- IdP (Identity Provider): A service that stores and verifies digital user identities. Popular examples include Okta, Ping Identity, PingFederate, OneLogin, and Entra ID (Azure).
- SAML (Security Assertion Markup Language): An XML-based standard for exchanging authentication and authorization data between parties, particularly between an Identity Provider (IdP) and a Service Provider such as Spekit.
- JIT (Just-In-Time): A user provisioning method for on-demand account creation. When a user accesses Spekit for the first time through SSO, JIT automatically creates a user account for them.
- SCIM (System for Cross-domain Identity Management): An alternative user provisioning method that automates user management tasks such as account creation, updates, and deactivation within Spekit.
- IdP-Initiated Login: An SSO authentication flow where the login process is initiated from within your IdP rather than from the Spekit login page.
- SP-Initiated Login: An SSO authentication flow where the login process is initiated from the Spekit login page rather than from within your IdP.
Initial Spekit SSO/SCIM Configuration
How do I set up SSO/SCIM in Spekit for the first time?
Navigate to Spekit Web App → Settings → Connect and follow the steps below.
Step 1: Start the SSO/SCIM connection:
- Click the blue Connect with SSO/SCIM button.
Step 2: Map existing Spekit users to their IdP profiles:
You will be presented with a Connect existing user data modal. This step maps your existing Spekit users to the email address on their IdP profile, which prevents duplicate users from being created when they are provisioned through SSO.
⚠️ Important: When working with the downloaded Excel sheet, follow these rules:- Do not edit the first two columns.
- Do not remove any rows from the sheet.
- Do not add or remove users from Spekit while the sheet is downloaded and being edited.
- Click Download to download the Excel sheet containing your existing Spekit users.
- Open the downloaded Excel sheet and look for users with duplicate email addresses or a blank IdP Email field.
- In the IdP Email column, confirm that all pre-populated email addresses match what each user has on their IdP profile. Update any that are incorrect.
- Save the Excel file if any changes were made.
- Click Choose File and select your updated Excel file.
- Click Upload.
Step 3: Set up your Workspace:
- You will now be presented with the Workspace Setup screen. Enter a unique Workspace name for your organization - in most cases, this will be your company name.