SAML - Single Sign On
Last Updated: December 04, 2018
SAML-based single sign-on (SSO) gives members access to Drift through an identity provider (IDP) of your choice.
Step 1: Configure your identity provider
To get started, you’ll need to set up a connection (or connector) for Drift with your IDP. If your preferred identity provider doesn't have a connector with Drift, you can use a custom SAML connection.
Step 2: Set up SAML SSO for Drift
Now that you’ve configured your identity provider (IDP), an Admin can enable the SSO feature in Drift.
1. Go to Settings > App Settings > Authentication
2. From here, you can drop a metadata file or fill in fields manually for the Identity Provider Entity ID, SAML Redirect Endpoint, and the Identity Provider Public Key
3. Verify your domain under Settings > App Settings > Domains
You can use this page to verify domain ownership. This will make it easier to manage your users' Drift accounts and apply authentication policies. Once you’ve added your domain, you can verify it over HTTPS or DNS.
- Account Owners by default will not sign in via SSO. This ensures that if configuration isn't set up correctly, the Account Owner will always be able to log in.
Drift requires signed responses by default, but we can also check for signed assertions within those responses for additional security. Drift recommends enabling this feature as long as your IdP can support it.
We can sign SAML authentication requests for increased security. You can use Drift's public key to verify our AuthnRequest signatures.
What to expect after SSO is enabled
Going forward, all members will sign in to Drift with their IDP account. If you chose to require SSO, your members will see a sign-in page before they can access your workspace.