Make logging in simple and secure by integrating your identity provider with Crossbeam. You can require SSO (Single Sign On) from all of your teammates or offer it as one of your sign in options.

Important Notes:

  1. We support SAML SSO

  2. SAML SSO is only available with certain Crossbeam plans. See our pricing here.

Configuring SSO in Crossbeam

To enable SAML SSO, go to your Settings page and scroll down to Login Options.

Then, populate the following fields and click Save Settings.

  • Identity provider Single Sign On URL — This is the URL used to start the login process.

  • X.509 certificate — This allows Crossbeam to validate SAML requests from your identity provider.

Note: for the X.509 certificate, you must include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in the box.

For example:

Next, enable SAML SSO by toggling the enable option:

Enforcing SSO logins

To enforce SSO logins, select "My team must log in with SSO". You will be presented with the option to exclude users from being required to log in via SSO. While you will retain your original login as well, we recommend including anyone who cannot log in via SSO, or any additional users who can still access Crossbeam in the event of an identity provider failure.

Note: any existing users will be removed from Crossbeam unless you enter them into the "SSO Login Exceptions" area. They will need to login via Okta to be re-added to the account.

Just-in-Time (JIT) Provisioning

New teammates can add themselves to this workspace if they have the appropriate IdP credentials. Every new user that gains access for the first time via SSO will be given the "View Only" role. Learn about user roles and permissions here.

✅ Finally, hit Save Settings to save your SSO configuration.

Logging into Crossbeam with SSO

To log in to Crossbeam via SSO, you must have the login URL for your organization. It will look something like this:

You can find your specific org's login on your Settings page:

Visiting that URL should take you to an SSO login landing page in Crossbeam that looks something like this:

If you click Log in with SAML SSO, you will be taken to your IdP's login page. The following example shows Okta's login page:

Logging into your IdP will then subsequently log you in to Crossbeam.

Note: if you do not already have a Crossbeam account, one will be created for you upon login with the "View Only" user role. Contact an admin on your account to receive any additional permissions.

Configuring SAML SSO with Okta

Note: we're in the process of getting listed in Okta's Integration Network. Once that happens, these docs will be updated with the simpler steps.

First, go to your Applications tab on Okta. You must be an admin to add Crossbeam as a new Application.

Once on the Applications tab, click "Add Application".

Then you'll click "Create New App" (once we're in Okta's Integration Network, you'll be able to just search for Crossbeam).

In the pop-up modal, keep "Web" as the platform and choose "SAML 2.0" as the "Sign on method". Hit "Create".

General Settings

App Name: Crossbeam

App Logo:

Right click and "Save Image As..." on our logo below!

App Visibility: (recommended) leave both unchecked

Configure SAML

Single sign on URL

Fill in the Single sign on URL in Okta with the Assertion Consumer Service (ACS) URL from your SSO Settings page in Crossbeam.

Audience URI (SP Entity ID)

Fill in the Audience URI (SP Entity ID) in Okta with the Entity ID from your SSO Settings page in Crossbeam.

Default RelayState

Leave blank.

Name ID format

Select EmailAddress

Application username

Select Email

Update application username on

Select Create and update

It should look like this:

We need to configure Okta to map its user metadata into a format that Crossbeam expects. We should set up the following attributes:

***You will need to follow the spelling and capitalization EXACTLY as listed for the three fields below.

  • first (using Okta's user.firstName)

  • last (using Okta's user.lastName)

  • email (using Okta's

Like so:

Click Next.


Are you a customer or partner?

Select I'm an Okta customer adding an internal app

The rest is optional.

It should look like this:

Click Finish.

You should be taken to the Settings page on the Sign On page of your new app:

Click on "View Setup Instructions" in the settings box:

This will open a new tab with values you'll need to enter into Crossbeam:

  • Identity Provider Single Sign-On URL

  • X.509 certificate

You must copy and paste these values into your account's SSO Settings and hit Save Settings.

🎉 You're all set!

Logging in to Crossbeam with your Okta SSO

Head to your SSO Settings page and grab your Organization Crossbeam Log In URL, that will look something like this:

This is the unique URL you'll need to log in to your organization on Crossbeam via Okta's SSO.

Logging in to Crossbeam via Okta

You can also assign people or groups to the Crossbeam app in Okta so that they can login via the Crossbeam chiclet in their Okta dashboard.

Did this answer your question?