Docs
API ReferenceBook a DemoSupportStart NowLog In ➔
Ask or search…
K
Links
Comment on page

Single Sign On (SSO)

Discover how to control access to the ComplyCube Portal through SSO.
ComplyCube allows you to add team members and govern access to our investigative Web Portal by easily integrating with your chosen Identity Provider (IdP) via SAML.
This integration ensures your team members benefit from a Single Sign-On (SSO) experience. It allows them to access ComplyCube using the same credentials and login interface as your other service providers, promoting a secure and cohesive user experience.
Using SSO, your team members will be redirected to your IdP for authentication and authorization. Upon successful access verification, they will be seamlessly redirected back to ComplyCube.
When SSO is activated, the standard login mechanism of ComplyCube will be disabled for all team members apart from the Account Owner. This is to ensure that, in the event of an unexpected IdP failure, the owner can access ComplyCube's Portal and de-activate SSO to facilitate direct access for their team members.
This service is only available through our Enterprise Plan. Get in touch with your Account Manager or contact us to enable it.

Just-in-Time (JIT) provisioning via SSO

ComplyCube supports Just-In-Time (JIT) account creation for new team members, further streamlining the account provisioning process. All new members are assigned the 'Analyst' role by default, which the ComplyCube Account Owner or Administrators can change through the team members settings page on the Web Portal.
Should the number of allocated seats for an account be fully utilized, ComplyCube will cease to provision new accounts. In such instances, your team member will get a message prompting them to contact their Account Owner.

User roles with SSO

User permission and roles can be set via the team members settings page through the Web Portal.

​Removing accounts

Removing a team member from the IdP will prevent them from being able to sign in to ComplyCube. However, it will not remove their account from ComplyCube. Accounts must be removed from the ComplyCube team members settings page.

Requirements for SSO

  • Your IdP must support the SAML 2.0 standard.
  • Your IdP must support SHA256 for signatures.
  • You must have administrative permission on the IdP.
  • You must be an Account Owner or Administrator on ComplyCube.
Access Management - Previous
Teams and User Roles
Next
SSO with Okta
Last modified 1mo ago