{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["availability","cards","card","img","callout","faq","faq-item","partial"]},"type":"markdown","userRole":"Admins","accountType":"All accounts","plan":"Exclusive to select subscription plans and add-ons"},"seo":{"title":"Set up Single Sign-On (SSO)","description":"Connect Databox to your Identity Provider using SAML 2.0 — configure SSO, exchange credentials with your IdP, and enforce org-wide secure login.","siteUrl":"https://help.databox.com","llmstxt":{"title":"Databox Knowledge Base","description":"Databox is a business analytics platform that consolidates data in one place, enabling real-time performance tracking and insights by mixing and matching data from various sources for a comprehensive view.","details":{"content":"This knowledge base covers everything from account setup and integrations to building Databoards, creating custom metrics, and using AI-powered features."},"sections":[{"title":"General","includeFiles":["docs/general/*.md","docs/general/visualization-types/*.md","docs/general/templates/*.md"],"excludeFiles":[]},{"title":"AI","includeFiles":["docs/ai/*.md"],"excludeFiles":[]},{"title":"Account Management","includeFiles":["docs/account-management/**/*.md"],"excludeFiles":[]},{"title":"Databoards","includeFiles":["docs/databoards/**/*.md"],"excludeFiles":[]},{"title":"Data Management","includeFiles":["docs/data-management/**/*.md"],"excludeFiles":[]},{"title":"Metrics","includeFiles":["docs/metrics/**/*.md"],"excludeFiles":[]},{"title":"Forecasts","includeFiles":["docs/forecasts/*.md"],"excludeFiles":[]},{"title":"Goals","includeFiles":["docs/goals/*.md"],"excludeFiles":[]},{"title":"Reports","includeFiles":["docs/reports/*.md"],"excludeFiles":[]},{"title":"Notifications","includeFiles":["docs/notifications/*.md"],"excludeFiles":[]},{"title":"Pricing and 
Billing","includeFiles":["docs/pricing-and-billing/*.md"],"excludeFiles":[]},{"title":"Mobile","includeFiles":["docs/mobile/*.md"],"excludeFiles":[]},{"title":"Support","includeFiles":["docs/support/*.md"],"excludeFiles":[]},{"title":"Integrations","includeFiles":["docs/integrations/**/*.md"],"excludeFiles":[]}],"hide":false,"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"set-up-single-sign-on-sso","__idx":0},"children":["Set up Single Sign-On (SSO)"]},{"$$mdtype":"Tag","name":"Availability","attributes":{"users":"admins","accounts":"all","plans":"add-on"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Single Sign-On (SSO) is an authentication method that lets users access multiple applications with one set of credentials, which are stored securely in a centralized cloud directory. This reduces password fatigue, strengthens security, and simplifies login management across your organization. There are several standards for implementing SSO, including Security Assertion Markup Language (SAML), OpenID, and OAuth. Each has its own specification, and they are not interchangeable. 
Databox currently supports the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["SAML 2.0"]}," standard."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"set-up-single-sign-on","__idx":1},"children":["Set up Single Sign-On"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"enable-or-disable-sso","__idx":2},"children":["Enable or disable SSO"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Go to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Account Management > Advanced security > Single sign-on"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Switch the toggle at the top to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Enabled"]}," (or back to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Disabled"]}," if you want to turn SSO off)."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"exchange-configuration-details","__idx":3},"children":["Exchange configuration details"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To complete the setup, you'll need to exchange information between Databox and your Identity Provider (IdP). Databox supports the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Service Provider (SP) initiated flow"]}," by default. 
The ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Identity Provider (IdP) initiated flow"]}," can be enabled on request, though it is ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://fusionauth.io/docs/lifecycle/authenticate-users/identity-providers/enterprise/samlv2-idp-initiated"},"children":["less secure"]}," and discouraged unless necessary. In an IdP-initiated login the SAML response arrives unsolicited, so it cannot be matched to a sign-in request that Databox issued."]},{"$$mdtype":"Tag","name":"Cards","attributes":{"columns":3,"cardMinWidth":240},"children":[{"$$mdtype":"Tag","name":"Card","attributes":{"title":"Service Provider (SP) initiated flow","imagePosition":"start","iconPosition":"auto","layout":"vertical","align":"start","variant":"filled"},"children":[{"$$mdtype":"Tag","name":"Image","attributes":{"src":"/assets/set-up-single-sign-on-sso_1.9374970ac9bbb61bf0ab28fae1fda23840a53b7ab702507a17b7433c65f5c8ec.969cd774.png","alt":"sp-flow","withLightbox":true,"className":"ss-img"},"children":[]}]},{"$$mdtype":"Tag","name":"Card","attributes":{"title":"Identity Provider (IdP) initiated flow","imagePosition":"start","iconPosition":"auto","layout":"vertical","align":"start","variant":"filled"},"children":[{"$$mdtype":"Tag","name":"Image","attributes":{"src":"/assets/set-up-single-sign-on-sso_2.ebb79697d71d772aabf417054ec6d63109cddfea25324888a71de4f27f70ba15.969cd774.png","alt":"idp-flow","withLightbox":true,"className":"ss-img"},"children":[]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"Callout","attributes":{"type":"note"},"children":["To enable the IdP-initiated flow, contact Databox Support via live chat or at ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"mailto:help@databox.com"},"children":["help@databox.com"]},"."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use the table below to map Databox fields to the terms used by your 
IdP:"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"class":"table-header-col","className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Field name"},"children":["Field name"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Synonyms"},"children":["Synonyms"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Provider"},"children":["Provider"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Action"},"children":["Action"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Callback URL"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Assertion Consumer Service (ACS) URL"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Databox"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Copy from Databox and paste into your IdP."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Issuer"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Entity ID, Audience URI, SP Entity ID"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Databox"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Copy from Databox and paste into your IdP."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Metadata URL"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Federation Metadata URL, SAML Metadata"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Databox"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Copy from Databox and paste into your IdP (if 
required)."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Single Sign-On URL"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["IdP Login URL, SAML Endpoint, Identity Provider SSO URL"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Identity Provider"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Copy from IdP and paste into Databox."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["X.509 Certificate"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["IdP Certificate, Public Key, Signing Certificate"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Identity Provider"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Copy from IdP and paste into Databox."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Managed Domain(s)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Domain Restriction, Allowed Domains"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["You define"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Enter domains (e.g., company.com). Only users with matching email domains can log in with SSO."]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"require-single-sign-on-for-all-users","__idx":4},"children":["Require Single Sign-On for all users"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Account administrators can enforce SSO authentication for every user in the account. 
In agency accounts, this setting applies only to agency account users—client users are not affected."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To require SSO for all users:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Go to ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://account.databox.com/security/single-sign-on"},"children":["Account Management > Advanced security > Single sign-on"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Switch the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Require SSO for all users"]}," toggle to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Enabled"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Confirm in the pop-up by clicking ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Yes"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Save changes"]},"."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"Callout","attributes":{"type":"warning"},"children":["Enforcing SSO deletes all stored passwords. If SSO is later disabled, users must reset their passwords to log in again."]}]},{"$$mdtype":"Tag","name":"Faq","attributes":{},"children":[{"$$mdtype":"Tag","name":"FaqItem","attributes":{"question":"Can I connect multiple Identity Providers to Databox?"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["No. Only one Identity Provider can be configured per Databox account, whether it's an Agency Account or a standard account. 
If you need support for multiple Identity Providers, you can submit a request using our ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://databox.com/roadmap-request"},"children":["Roadmap Request form"]},"."]}]},{"$$mdtype":"Tag","name":"FaqItem","attributes":{"question":"Does Databox support automatic user provisioning?"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["No. Service Provider (SP) provisioning is not supported. Users must first be created in Databox before they can authenticate via the IdP."]}]},{"$$mdtype":"Tag","name":"FaqItem","attributes":{"question":"How are users identified for SSO in Databox?"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Users are identified by their ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["email address"]},". The email address in Databox must match the email stored in the identity provider (IdP) ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["character for character, including uppercase and lowercase letters"]},"."]}]},{"$$mdtype":"Tag","name":"FaqItem","attributes":{"question":"Which Identity Provider apps are available for Databox?"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Databox has a ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://www.okta.com/integrations/databox/"},"children":["verified application"]},"  in the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Okta Integration Network"]},", making setup simple for Okta users. 
For other Identity Providers, such as ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Azure Active Directory, OneLogin, or Ping Identity"]},", you can configure Databox manually using the SAML 2.0 standard."]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[" "]},{"$$mdtype":"Tag","name":"Cards","attributes":{"columns":4,"cardMinWidth":160},"children":[{"$$mdtype":"Tag","name":"FooterCard","attributes":{"title":"Ask Genie","icon":"genie","to":"https://app.databox.com/genie","variant":"elevated"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Get instant answers or help with your data using the in-app AI assistant."]}]},{"$$mdtype":"Tag","name":"FooterCard","attributes":{"title":"Talk to an expert","icon":"assistance","to":"https://meetings.hubspot.com/databox-meeting/account-management","variant":"elevated"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For customers: Get help with your setup, strategy, or making the most of Databox."]}]},{"$$mdtype":"Tag","name":"FooterCard","attributes":{"title":"Book a demo","icon":"eye-open","to":"https://meetings.hubspot.com/databox-meeting/ref-knowledge-base","variant":"elevated"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["New to Databox? 
See how it works and get guidance on getting started."]}]},{"$$mdtype":"Tag","name":"FooterCard","attributes":{"title":"Send an email","icon":"help","to":"mailto:help@databox.com","variant":"elevated"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Reach out to support for help with your account, data, or technical issues."]}]}]}]},"headings":[{"value":"Set up Single Sign-On (SSO)","id":"set-up-single-sign-on-sso","depth":1},{"value":"Set up Single Sign-On","id":"set-up-single-sign-on","depth":2},{"value":"Enable or disable SSO","id":"enable-or-disable-sso","depth":3},{"value":"Exchange configuration details","id":"exchange-configuration-details","depth":3},{"value":"Require Single Sign-On for all users","id":"require-single-sign-on-for-all-users","depth":3}],"frontmatter":{"slug":"set-up-single-sign-on-sso","seo":{"title":"Set up Single Sign-On (SSO)","description":"Connect Databox to your Identity Provider using SAML 2.0 — configure SSO, exchange credentials with your IdP, and enforce org-wide secure login."},"keywords":{"includes":["SSO","single sign-on","SAML","SAML 2.0","identity provider","IdP","set up SSO in Databox","enforce SSO for all users","Okta","Azure Active Directory","OneLogin","Ping Identity","ACS URL","callback URL","Entity ID","X.509 certificate","Managed Domain"]},"metadata":{"userRole":"Admins","accountType":"All accounts","plan":"Exclusive to select subscription plans and add-ons"}},"lastModified":"2026-05-29T09:01:45.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/set-up-single-sign-on-sso","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}