Back to Guides
Account & security

Single Sign-On (SSO) Setup

~10 min | Last updated June 30, 2026

What SSO does

Single Sign-On lets your team sign in to Findable with your company’s identity provider, instead of managing a separate Findable password. Findable uses WorkOS behind the scenes to connect to common providers such as Microsoft Entra ID, Okta, Google Workspace, and other SAML or OIDC identity providers.

Use this guide if you are an organization admin and want your users to sign in through your company’s normal login flow.

Before you start

You will need:

  • Organization admin access in Findable
  • Admin access to your identity provider, or help from your IT team
  • The list of email domains that should use SSO, for example company.com

Keep a regular admin user available until the setup has been tested. That gives you a fallback if the identity provider configuration needs adjusting.

Open the Authentication panel

  1. Sign in to Findable as an organization admin.
  2. Open Organization settings.
  3. Go to Authentication.
  4. Choose the SSO setup option.

The Authentication panel is where you manage SSO for the organization. If you cannot see it, check that you are in the correct organization and have organization admin permissions.

Connect your identity provider

Findable will guide you through the provider setup. The exact fields depend on whether your company uses SAML or OIDC, but the flow is usually:

  1. Choose your identity provider in the Authentication panel.
  2. Copy the setup values from Findable into your identity provider.
  3. Copy the identity provider values back into Findable.
  4. Add the email domains that should use SSO.
  5. Save the configuration.

Your IT team may need the Assertion Consumer Service URL, Entity ID, Client ID, Client Secret, issuer URL, or metadata URL. Use the values shown in the Authentication panel, since they are unique to your Findable organization.

Test SSO

Test the setup before requiring everyone to use it.

  1. Ask one user from the SSO domain to sign out of Findable.
  2. Have them sign in again with their company email address.
  3. Confirm that they are redirected to the identity provider.
  4. Confirm that they return to Findable and can access the expected organization.

If the user lands in the wrong organization or cannot access expected buildings, check their Findable user permissions after the SSO login succeeds. SSO handles sign-in; Findable permissions still control what the user can see inside the product.

Troubleshooting

If SSO does not work on the first try, check these items:

  • The email domain in Findable matches the user’s email address.
  • The redirect or callback URL in your identity provider matches the value in Findable.
  • The user is assigned to the Findable app in your identity provider.
  • The certificate or client secret has not expired.
  • The user’s Findable account uses the same email address as the identity provider.

If your IT team needs help, send them the provider values from the Authentication panel and contact Findable support.