SSO

How to setup and use SSO with SpeedCurve, including SAML, LDAP, ADFS, and more.

Setting up SSO connection

If you'd like to enable SSO for your SpeedCurve account, please get in touch with us at [email protected].

Requirements

🚧

SSO is not available on monthly plans.

Please note that SSO is available for annual plans only.

Supported identity providers

SpeedCurve uses Auth0 as an SSO service provider. SpeedCurve's preferred SSO protocol is SAML, however we support all of the same protocols as Auth0 including:

  • SAML
  • OpenID Connect (OIDC)
  • LDAP / Active Directory

This includes cloud providers like Okta and Auth0. Google G Suite is also supported.

Getting started

We will need some information from you to get started:

  • Your single sign-on (SSO) URL
  • Your logout URL
  • Your signing certificate
  • A list of email domains that will be used to sign in 

Once we have this information, we will be able to provide you with a post-back URL and entity ID associated with your SAML connection.

Please also make sure your identity provider is configured to send the following SAML attributes:

  • Email address as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  • Full name as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Using SSO

Manage teams and user permissions

SpeedCurve accounts with SSO can have multiple teams and manage individual user permissions. The user permissions are the same as the normal SpeedCurve permissions: User, Team Admin, and Org Admin.

Sync with existing user accounts

When a user signs in with SSO, SpeedCurve will try to match them to an existing user account. If a matching user account is found, it will be converted to an SSO account and retain all of its existing permissions and settings. 

Creating new user accounts 'on the fly'

SpeedCurve uses 'Just-In-Time' (JIT) provisioning strategy to create user accounts instantly when a user logs in through a company SSO for the first time and no user matching the given email address is found in SpeedCurve.

A new user is created automatically with view only permissions (User level) for all organization teams by default.

There is no support for automated team membership management with group membership claims.

Strict mode

By default, SpeedCurve will allow you to continue logging in with an email and password combination. "Strict mode" disables email and password logins and only allows SSO logins. To enable or disable strict mode, go to Admin -> SSO tab. We recommend enabling strict mode after you finished setting up and testing your SSO connection.

How to sign in with SSO

  1. Click the Log In link at the top-right of the page, and then select Use single sign-on (SSO) or go directly to SSO login URL: https://app.speedcurve.com/sso/login
  2. Enter your email address and click Log In.  You will be redirected to your identity provider.
  3. After you have logged in successfully, you will be redirected back to SpeedCurve.