User guidesDeveloper platformLatest updatesSlack Community
User guides

SSO for Enterprise

How to enable SSO for Enterprise accounts

Suggest Edits

Overview

Dust supports Single Sign-On (SSO) to manage your team's access to our platform securely and effortlessly using your existing Identity Provider (IdP). This feature simplifies user management and enhances security by centralizing authentication.

Setting up SAML Single Sign-On (SSO)

To enable SSO for Dust, follow these steps to create a custom app integration in your Identity Provider (IdP).

1. Identify an Admin:

Choose an admin with comprehensive access to both your IdP admin dashboard and Dust admin. This is necessary as enabling SAML SSO requires creating a custom integration in your IdP.

2. Get Your Dust SAML Configuration Values

  1. In Dust, navigate to Admin > Domain and Members > Single Sign-On > Activate SSO
  2. Select your IdP from the list
  1. Follow the steps to create the app in your IdP and configure it with Dust.

3. Enforcing SAML Single Sign-On (SSO) in Dust

After enabling SSO, you have the option to enforce it across the entire workspace. This means that users will no longer be able to log in using their social media accounts. Please note that enabling this setting will log out all users who are not currently using SAML, and they will be required to log back in using their IdP credentials.

4. Using IdP-initiated flows rather than SP-initiated flows (optional)

By default, only SP-initiated flows are allowed on Dust's side. However, if your company is using IdP-initiated flows for convenience, despite the known security flaws, Dust can support this way of authenticating.

ℹ️

Warning on IdP-initiated flows

If your company is allowing IdP-initiated flows, the message displayed in Dust will be "invalid_request: IdP-initiated login is not enabled for connection "workspace-[workspaceID]"

To enable IdP-initiated flows for your Dust SSO integration, you'll need to:

  1. Contact Dust support to request enabling IdP-initiated login for your specific SSO connection
  2. Confirm that you understand and accept the security implications of enabling IdP-initiated flows

The support team will be able to enable this feature for your SSO connection.

Updated about 3 hours ago