Single sign-on (SSO)

If your company supports single sign-on (SSO) integrations, you can have SSO enabled on your Liftoff site.

Liftoff supports the following options for SSO integrations:

  • Automatic customer creation: If a customer successfully logs in via SSO, but that customer does not exist in your Liftoff account, then that customer may be created automatically in your Liftoff account. This option may be enabled or disabled as desired.
  • Automatic customer profile updates: When a customer logs in, your identity provider may pass profile data such as the customer's address or roles. The customer's profile in your Liftoff account will be automatically updated with this data.
  • Profile update restrictions: You may disable the customer's ability to update their name, email, and password via your Liftoff site. This is often necessary since the customer needs a Liftoff password to update their profile within your Liftoff site. SSO customers may not know their Liftoff password, since they instead use their SSO credentials to log in.
  • SSO and non-SSO login pages: You may specify whether your customers may optionally log in via our standard non-SSO login page, thereby bypassing SSO.
  • Single logout (SLO): You may configure SLO, which logs the customer out of your SSO system when the customer logs out of your Liftoff site.
  • Logout redirect URL: You may specify a URL for customers to be redirected to after logging out.

Please contact your Account Manager for information on enabling and configuring SSO. You will need either:

  1. A SAML metadata file from your SSO identity provider, or
  2. The following values:
    a. Identity provider name: Your identity provider's unique name, typically in URL format
    b. Single sign-on URL: The URL where the SAML request will be posted to initiate the login
    c. Single logout URL: If desired, the URL where the SAML request will be posted to log the user out
    d. Partner certificate string: The certificate string used to verify that the SAML request is valid