SSO - SAMLLast Updated: January 31, 2019
SAML-based single sign-on (SSO) gives members access to Drift through an identity provider (IDP) of your choice.
Step 1: Configure your identity provider
To get started, you’ll need to set up a connection (or connector) for Drift with you IDP. If your preferred identity provider doesn't have a connector with Drift, you can use a custom SAML connection.
Step 2: Set up SAML SSO for Drift
Now that you’ve configured your identity provider (IDP), an Admin can enable the SSO feature in Drift.
1. Go to Settings > App Settings > Authentication
2. From here, you can verify your domain ownership. Once you’ve added your domain, you can verify it over HTTPS or DNS. All users who log in with this domain will be redirected to log in via your team's Identity provider.
3. You can drop a metadata file or fill in fields manually for the Identity Provider Entity ID, SAML Redirect Endpoint, and the Identity Provider Public Key
You can use this page to verify domain ownership. This will make it easier to manage your users Drift accounts and apply authentication policies. Once you’ve added your domain, you can verify it over HTTPS or DNS.
- Account Owners by default will not sign in via SSO. This ensures that if configuration isn't set up correctly, the Account Owner will always be able to log in.
Drift requires signed responses by default, but we can also check for signed assertions within those responses for additional security. Drift recommends enabling this feature as long as your IdP can support it.
We can sign SAML authentication requests for increased security. You can use Drift's public key to verify our AuthnRequest signatures.
What to expect after SSO is enabled
Going forward, all members will sign in to Drift with their IDP account. If you chose to require SSO, your members will see a sign in page before they can access your workspace.