When enabling single sign-on (SSO) for your team, it's important to note the following things:
Set Up and Access
-
Who can enable SSO?
- Crunchbase Business plan
-
Only Crunchbase team admins and the account owner can enable SSO for the specific team members on Crunchbase.
-
What SSO logins do you support?
- Any Single Sign On Identity Provider (IdP) that supports the SAML framework
- SAML & SAML Authentication, Explained - details when creating a custom SAML app
- Service Provider connections via SAML
- Okta: Instructions for Single Sign-On Setup with Okta
- Azure: Instructions for Single Sign-On Setup with Azure Active Directory
-
Google: Instructions for Single Sign-On Setup with Google
- Any Single Sign On Identity Provider (IdP) that supports the SAML framework
-
Which user attributes (claims) does your application require for SSO authentication?
-
We only require email, but having first and last name will populate for users when they SSO in.
- NameID > email
- First Name > firstName (case sensitive)
-
Last Name > lastName (case sensitive)
-
We only require email, but having first and last name will populate for users when they SSO in.
-
When SSO is enabled, who has access?
- All team members who were successfully assigned to your team will be expected to log into Crunchbase via SSO (once SSO is enabled).
- Team members will be prompted to log in every 24 hours.
Workflow Changes
-
After enabling SSO, team members will not be able to:
- Log in via their email address & password or social account.
- Reset password - they will need to contact their IT admin to reset through your SSO provider.
-
Change their email within Crunchbase Account Settings
- In order for the team member to update their email in Crunchbase Account Settings, the team member would need to leave the team or the team owner would need to temporarily disable SSO.
Crunchbase Restrictions
-
Crunchbase does not currently support:
- Customer facing sandbox for SSO testing
-
Direct Identity Provider (IdP) initiated logins
- If you’d like users to log in via your Identity Provider, we recommend creating an Okta bookmark. Directions can be found in the Okta set up help guide: Instructions for Single Sign-On Setup with Okta
- 2FA is implemented on the user’s side for their IDP of choice
- SCIM
- JIT
- OIDC
- Federate
Disable SSO
-
If SSO needs to be disabled:
- Passwords will revert to what was set prior to the single sign-on setup.
Need help or guidance? Reach out to us at prosupport@crunchbase.com or post your question in the Crunchbase Community.