Setup & Configure SSO

Step 1: Configure your identity provider

To get started, you will need to setup and configure your chosen identity provider. There are specific guides for each supported provider below and we recommend that you go through these alongside an IT administrator from your company.

Note: Only the primary owner of an Avion organization can setup and configure SSO

pageAzure ADpageGoogle WorkspacepageOktapageOpenID Connect

Can I use a custom SSO service?

Yes! As long as your service supports the OpenID Connect standard, then you can integrate with Avion using our OpenID Connect provider. Please reach out to support if you have any questions on this.

Don't see your identity provider?

No problem! You can request support for an additional identity provider by getting in touch with us. We'll happily look into it and get back to you as soon as possible (usually within two working days).

Step 2: Enable SSO

After your identity provider has been configured, you will notice your SSO status is initially disabled. This gives you time to provide notice to your team members on the upcoming changes to your sign in process.

Note: Existing users in Avion that were created before configuring SSO will be matched by email address after their very first successful sign in attempt. If their corporate directory email address does not match the same email address on their Avion user account, please ask them to update their email address before you enable SSO.

When you are ready to turn on SSO, just hit the Enable SSO button:

What happens after SSO is enabled

Enabling SSO will require all members of your Avion organization to sign in via your corporate identity provider. Any members who were already signed in before SSO was enabled will remain signed in. However, once they sign out (or their session expires), they will no longer be able to sign in to Avion with an email and password.

Note: Primary owners can bypass SSO authentication by using the link at the bottom of the login page to sign in with their email address and password. This guarantees access to your Avion organization, even if your identity provider is having issues or you configure your SSO settings incorrectly.

Adding new users

For greater control over who can become a user in your company's Avion subscription, primary owners can ensure that auto-account creation is disabled. This means that users will still require an email invitation to join your Avion organization. With auto-account creation enabled, users will be automatically added without the need for an invitation.

Removing users

When you remove an employee from your corporate directory, that person will no longer be able to access Avion. However, all data created by the former employee will remain intact.

Avion user accounts are not automatically deleted when employees are removed from your identity provider's directory. If necessary, an Avion administrator can completely remove the Avion user account from the Organization Members section.

Last updated