Enterprise feature
SSO configuration is limited to Enterprise (or equivalent) workspaces and requires organization admin rights. End users only see the SSO button once the integration is live.
SAML setup steps
Create the SAML app in your IdP
Register Planasonix as a service provider. Your IdP asks for an ACS URL and Entity ID—copy the values from the Planasonix SSO setup screen.
Exchange metadata
Upload the IdP metadata XML or paste SSO URL, issuer, and signing certificate into Planasonix. Download SP metadata if your IdP requires it.
Map attributes
Map email, firstName, lastName, and group claims if you use them for teams and permissions.
Identity provider configuration
- Okta
- Azure AD / Entra ID
- Google Workspace
Use SAML 2.0 app integration; assign groups and set Name ID to the email format the product expects.
Certificate rotation
Plan certificate rotation before IdP certs expire. Upload the new signing certificate, test with a pilot group, then remove the old cert. Failed rotation surfaces as login errors for all users.
JIT (just-in-time) provisioning creates users on first SSO login when enabled; otherwise you must pre-provision accounts or use SCIM if your contract includes it.
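The following Python script is an added example, not Planasonix or IdP vendor code. It reads IdP metadata XML, extracts the three values named in the Exchange metadata step (SSO URL, issuer, signing certificate), and compares signing-certificate fingerprints for the Certificate rotation check. The sample metadata, the example.test URLs, the placeholder certificate bytes, and the function names are constructed for illustration, and it assumes a single EntityDescriptor root.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: example.test URLs; the certificate bodies are placeholder
# bytes, not real X.509, which is enough to demonstrate fingerprint comparison.
OLD_CERT = base64.b64encode(b"constructed-old-signing-cert").decode()
NEW_CERT = base64.b64encode(b"constructed-new-signing-cert").decode()
KEY = ('<md:KeyDescriptor use="{}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}'
       '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="{md}" xmlns:ds="{ds}"'
    ' entityID="https://idp.example.test/saml"><md:IDPSSODescriptor'
    ' protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'.format(**NS)
    + KEY.format("signing", OLD_CERT) + KEY.format("signing", NEW_CERT)
    + KEY.format("encryption", OLD_CERT)
    + '<md:SingleSignOnService Location="https://idp.example.test/sso/post"'
    ' Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>')


def idp_settings(metadata_xml):
    """Return the issuer, SSO URLs by binding, and signing-cert SHA-256 fingerprints."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    sso = {s.get("Binding", "").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # omitted "use" covers signing too
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(hashlib.sha256(der).hexdigest())
    return {"issuer": root.get("entityID"), "sso_urls": sso, "signing_sha256": prints}


def rotation_state(configured_sha256, metadata_xml):
    """Compare the fingerprint uploaded to the SP with what the IdP publishes."""
    published = idp_settings(metadata_xml)["signing_sha256"]
    if configured_sha256 not in published:
        return "mismatch"  # SP trusts a cert the IdP no longer lists
    return "rotation-pending" if len(published) > 1 else "in-sync"
```

A "rotation-pending" result means the IdP publishes more than one signing certificate, which is the window for the pilot-group test; "mismatch" is the condition to catch before it reaches users as login errors.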
Related topics
Session policy
Timeouts and IP rules after SSO.
MFA
Step-up factors layered on top of IdP policies.