Pi Supports Single Sign On via SAML 2.0.
How it works
In Pi, each user login is associated with an email address. You can specify that any users attempting to log in with @your-domain.com email addresses will be sent to your SSO provider instead of logging in directly with usernames and passwords. This applies globally, so once enabled, any existing users will be required to log in with SSO as well as any new users added to your account.
The setup process is manual and just requires a few pieces of information to be exchanged, as detailed below.
Set up you need to perform in your identity provider
Copy and paste the following values into your system:
1. Entity ID: https://app.pi-datametrics.com/security/entity-id
2. ACS/Return URL: https://app.pi-datametrics.com/security/login-sso-return
(note: these URLs do not return content if you visit them in the browser, they are simply used as unique identifiers)
3. SAML Attributes
You need to make sure the following SAML attributes are also provided:
- Email (with the key being exactly "Email" or "email")
Details you need to send us
Please send over the following 4 pieces of information to our support team at support@pi-datametrics.com and we’ll get you set up!
Email domain e.g. my-domain.com.
All of your users must use the same email domain to be logged in using SSO
Your Entity ID e.g. https://idp.my-domain.com
A Unique identifier for the identity providerX.509 type certificate
Used for validation of requestsSAML URL e.g. https://idp.my-domain.com/sso/sign-in/
Where users will be redirected to for the login process