Single Sign-On allows members of your organization to access to Paladin via a third-party identity provider. SSO allows your users to login to Paladin using the same credentials they use to login to other services used by your organization.

Without SSO enabled, your users will need to create a new password to access Paladin. SSO is a better, more secure experience for your users as they do not need to keep track of yet another password and you control their authentication requirements.

Paladin can integrate with any identity provider that supports the SAML2 protocol. The following information is typically required to set up a SAML2 integration.

Paladin SAML Metadata (production): https://app.joinpaladin.com/account/saml/metadata/

Paladin SAML Metadata (test): https://paladin-dev.herokuapp.com/account/saml/metadata/

Your team should provide Paladin with your identity provider's SAML2 metadata.

Paladin will provide a RelayState value that must be included in your identity providers SAML response.

Paladin staff will work with your IT team to set up this type of integration during on-boarding.

Paladin is a member of the Okta Integrations Network. If your organization uses Okta, you can add a new Application and search for Paladin in the application directory.

After adding Paladin to your Okta account, follow the instructions for set up found here: https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Paladin.html

If your organization uses Google Apps / G Suite, your users may login using their Google account via our OAuth integration.