Skip to main content

What SSO Provides

Single Sign-On lets your team sign in to Anyshift using your existing identity provider. This centralizes authentication and enforces your organization’s login policies.

Supported Providers

Anyshift supports SSO with any SAML or OIDC-compatible identity provider, including:
  • Okta
  • Azure AD (Microsoft Entra ID)
  • Google Workspace

Setting Up SSO

Organization admins can configure SSO from the Settings page under the Security section.
1

Select your identity provider

Choose your provider from the list or select a custom SAML/OIDC configuration.
2

Exchange metadata

Follow the guided setup to exchange metadata between Anyshift and your identity provider.
3

Test the connection

Verify that authentication works correctly before enabling SSO for your organization.
4

Enable SSO

Activate SSO for your organization. All users with your company’s email domain will be required to sign in via SSO.

Domain Claiming

When SSO is enabled, Anyshift claims your company’s email domain. Users with an email address on that domain must sign in through your identity provider.
Consumer email domains (gmail.com, outlook.com, yahoo.com, etc.) cannot be claimed.

Important Notes

  • Users must be pre-invited. SSO does not automatically provision accounts. An org admin or project admin must invite users before they can sign in.
  • Email matching is exact. The email address in your identity provider must exactly match the email used to invite the user in Anyshift.
  • SSO can be combined with MFA enforcement for additional security.