Single Sign On (SSO)
Discover how to control access to the ComplyCube Portal through SSO.
Overview
ComplyCube allows you to add team members and govern access to our Web Portal by easily integrating with your chosen Identity Provider (IdP) via SAML.
This integration ensures your team members benefit from a Single Sign-On (SSO) experience. It allows them to access ComplyCube using the same credentials and login interface as your other service providers, enabling a secure and cohesive user experience.
Using SSO, your team members will be redirected to your IdP for authentication and authorization. Upon successful access verification, they will be seamlessly redirected back to ComplyCube.
When SSO is enabled, the standard ComplyCube login will be disabled for all team members except the Account Owner. This safeguard ensures that, if the identity provider (IdP) becomes unavailable, the Account Owner can still access the ComplyCube Portal and deactivate SSO, restoring direct login access for the rest of the team.
Just-in-Time (JIT) provisioning
ComplyCube supports JIT provisioning, allowing accounts for new team members to be created automatically at first login. By default, all new members are assigned the 'Analyst' role. The ComplyCube Account Owner or Administrators can later adjust this role through the team members settings page.
User roles with SSO
User permission and roles can be set via the team members settings page through the Web Portal.
Removing accounts
Removing a team member from the IdP will prevent them from being able to sign in to ComplyCube. However, it will not remove their account from ComplyCube. Accounts must be removed from the ComplyCube team members settings page.
Requirements for SSO
Your IdP must support the SAML 2.0 standard.
Your IdP must support SHA256 for signatures.
You must have administrative permission on the IdP.
You must be an Account Owner or Administrator on ComplyCube.