Overview
Experio supports enterprise Single Sign-On (SSO) integration, allowing users to authenticate through their organization’s identity provider. This eliminates the need for separate Experio credentials and centralizes access management.
Navigate to Admin > Users > SSO Clients.
Supported Identity Providers
| Provider | Protocol |
|---|
| Okta | SAML / OIDC |
| Microsoft Entra (Azure AD) | SAML / OIDC |
| Auth0 | OIDC |
| Generic | SAML / OIDC |
Viewing SSO Clients
The SSO clients page shows a table with:
- Customer ID (unique identifier)
- Display Name
- Email Domain
- IDP Type
- Active Status
- Created and Modified dates
Creating an SSO Client
Click Create New to configure a new SSO integration:
| Field | Description |
|---|
| Customer ID | A unique identifier for this SSO configuration |
| Display Name | Friendly name shown to administrators |
| Email Domain | The email domain this SSO applies to (e.g., acme.com). Users with this email domain will be redirected to SSO login. |
| IDP Type | The identity provider type (Okta, Microsoft Entra, Auth0, Generic) |
| PropelAuth Client ID | The client ID from PropelAuth for this integration |
| Active | Enable or disable this SSO configuration |
How SSO Works
- A user navigates to the Experio login page
- They enter their email address
- If their email domain matches an active SSO client, they’re redirected to their identity provider
- After authenticating with their IDP, they’re redirected back to Experio with an active session
- User accounts are provisioned automatically on first SSO login
Managing SSO Clients
Editing
Click any SSO client to view and edit its configuration. Changes take effect immediately for new login attempts.
Deactivating
Toggle the Active status to disable an SSO configuration without deleting it. Users for that domain will fall back to email/password authentication.
Deleting
Remove an SSO client permanently. A confirmation dialog prevents accidental deletion.
Audit Trail
Each SSO client tracks:
- Who created the configuration
- When it was created
- When it was last modified
Test SSO configuration with a small group of users before rolling out to the entire organization. Ensure fallback email/password authentication is available during the transition.
