Single-Sign On (SSO) integration with identity providers like Okta
PopSQL offers Single-Sign On (SSO) integration for Enterprise customers. This allows customers to manage their users’ access to PopSQL through an identity provider like Okta, and users can then use their identity provider to login to PopSQL.
For a full list of supported identify providers, see this article. You will need a custom link from the PopSQL team to get up and running with SSO. Please work with your customer success manager or reach out to our support team.
Once SSO integration is set up, when your users first login via SSO their account will be created and added to your organization based on their email address domain if you have Auto Join enabled. You can enable this feature on your organization's settings page.
If your organization does not have Auto Join enabled, users can still use SSO to login but they will not automatically be added to your organization. An admin of your organization will have to invite them individually.
PopSQL also offers Directory Sync or System for Cross-Domain Identity Management (SCIM) integration. User provisioning is done just-in-time when the user first logs in. User deprovisioning is supported as well, when a user is removed, PopSQL will remove their account, but their data is retained in case customers need to access it still.
For a full list of supported identify providers, see this article.
File ownership when a user is removed
When a user is removed from your organization, we will transfer all their resources to the admin you have selected on the File Ownership section on your organization's settings page. This ensures you don't lose access to any of their private and shared queries, dashboards, and notebooks.
Frequently Asked Questions
Can we use username/password login or “Sign in with Google” in parallel with SSO?
Yes, by default all login methods will continue to work.
Can we restrict users to only login via SSO?
No, at the time users can not be restricted to just SSO login. Please reach out to support if this is a requirement for your organization.
If our users have already created an account via username/password or “Sign in with Google”, will their account be preserved if they login via SSO?
Yes, if you have a user (ex. [email protected]) that has signed up with a password or through Google, when they sign in via SAML we will log them into the existing account with that email address ([email protected]).
Can we disable auto-join?
Yes you can disable auto-join and prevent users from automatically joining your organization during SAML login. You will have to invite them through the admin user’s page individually then.
Updated 9 days ago