Who can use this feature?
Plan: Enterprise (only admins)
Managed from: Admin Dashboard
InfoIf you are interested in having SSO option activated for your Krisp team account, contact your Account Executive.
Single sign-on allows you to log in to Krisp using your company credentials. Krisp's single sign-on (SSO) is based on SAML 2.0.
Krisp acts as the Service Provider (SP) and offers automatic user provisioning. The team member doesn't need to register on Krisp preliminarily. Once Krisp receives a SAML response from the Identity Provider (IdP), it checks if a user with the received email address is already present in the Krisp team account. If the user does not exist, Krisp creates a user automatically with that email and assigns it to an available unassigned seat in the team. If there is no unassigned seat in the team account at the time of the first sign-in of the user, the sign-in attempt will be rejected.
Since Krisp implements the generic SAML protocol, it is compatible with a wide range of Identity provider services such as Okta, Microsoft Azure, and any other service that is compatible with SAML 2.0.
To start the SSO setup, you need to first have it activated for your team account. Once it's activated, follow the steps below:
- Go to your Admin Dashboard on account.krisp.ai.
- Go to the Authentication tab from the Settings >>> Security section.
- Enable SSO.
If you check the Enforce SSO checkbox, your team members will have SSO as the only option to get inside their accounts. Check this article for more information about Enforce SSO option.
To have the SSO for your account:
- Configure your IdP to send the email address of your team member to Krisp as an identifier for the account.
In your Admin Dashboard, where the SSO is enabled, click on SAML and enter the information from your IdP in the Configure SAML panel.
- Here is the information from the IdP that should be filled in the Configure SAML panel of the Krisp Admin Dashboard:
- Audience URI
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X-509 certificate
Once all the information is entered, click Configure.
Now you and your team members can sign in with SSO using your team slug and the company credentials for the IdP.
InfoYour team slug will match your company domain name if you use your company email and if that slug is not being used by another team. Otherwise, it will be generated randomly.
All the team members can also sign in with your company email since the company domain will be automatically detected. Check this article for more information.
As an admin, you can always change the SSO slug after installation using one of those options:
- Change from JSON body
Open key.config file in the ProgramFiles/Krisp folder and change the sso_slug property in the JSON body.
- Change via repair msi action using a different sso_slug
For that, run the same MSI installer with the new slug as a parameter. It will override the sso_slug value in key.config.
- Change during the update
When installing the new version, you can mention a new sso_slug value in the installer parameter and the value will be overridden during the update.