Single Sign-On (SSO) lets your team log into Studio using your existing Identity Provider (IdP). Enabling SSO requires an active Extended Data Storage plan for your Organization.
Who is this article for?
Organization administrators who want to enable SSO for their Organization using an OpenID Connect (OIDC) Identity Provider.
What do you need?
- Plan: An active Extended Data Storage plan
- Permission: Organization administrator
- Identity Provider: Must support OpenID Connect (OIDC) with the Authorization Code grant type and the openid, email, and profile scopes
Steps
- Confirm your Identity Provider supports the OpenID Connect protocol (OIDC) with the Authorization Code grant type.
- Collect the following information from your Identity Provider:
The OpenID Connect Client ID
- The OpenID Connect Client Secret
- The OpenID Connect Issuer (typically a URL)
- Whether you want to enforce authentication via your Identity Provider
- Contact DT Support with the information above.
- After receiving your information, the DT support team will configure Studio and provide the settings you need to update in your Identity Provider.
Do not share secrets over email
To share your Client Secret securely, paste it into this encrypted sharing page, set the lifespan to one week, encrypt it, and share only the resulting One-click URL with our support team.
Enforcing authentication via your Identity Provider
If you enforce authentication via your Identity Provider (recommended), users will not be able to log in to Studio if the Identity Provider becomes unavailable. However, this gives you tighter control over access and authentication.