Skip to main content
All CollectionsAccount Management
Setting Up SAML SSO in Crossbeam
Setting Up SAML SSO in Crossbeam

Improve user experience and increase security with SAML SSO.

Lindsey O'Niell avatar
Written by Lindsey O'Niell
Updated over a week ago

Make login simple and secure by integrating your identity provider (IdP) with Crossbeam.

❗️Important

SAML SSO is only available on the Supernode plan. To upgrade your account, visit the Plan & Billing page.

In this article:

✍️ Note

Certain attributes, such as email, first name, and last name, are required by Crossbeam to set up SAML SSO. For example configurations, refer to this Okta SSO article or this Salesforce SSO article.

Configuring SSO in Crossbeam

From the Settings icon, scroll down to Login Options section.

Next, fill in the following fields:

  • Identity provider Single Sign On URL: This is the URL used to start the log in process.

  • X.509 certificate: This allows Crossbeam to validate SAML requests from your identity provider.

Click Save Settings when done.

❗️Important

The X.509 Certificate must be in this format:

-----BEGIN CERTIFICATE-----

Paste your signing certificate from your IdP here

-----END CERTIFICATE-----

Here is an example:

screenshot example of what to insert into SSO URL and X.509 Certificate

Next, enable SAML SSO by toggling on the enable option:

Screenshot in Crossbeam showing Log in options toggling on SAML SSO

Enforcing SSO Log In

To enforce SSO log in, select My team must log in with SSO. You will be presented with the option to exclude users from being required to log in via SSO. While you will retain your original login as well, we recommend including anyone who cannot log in via SSO, or any additional users who can still access Crossbeam in the event of an identity provider failure.

Pre-Provision SSO Users

SSO-enabled organizations can pre-provision users from the Invite user modal, located under the Setting Icon. If SSO is allowed, toggle on Pre-Register using SSO for SSO login. If SSO is required, the toggle will be set to on and unable to be adjusted.

Invited users retain their specified seats and roles.

Click Send invites when done.

✍️ Note

Any existing users will be removed from Crossbeam unless you enter them into the SSO Login Exceptions box. They will need to login via Okta to be re-added to the account.

Just-in-Time (JIT) Provisioning

New teammates can add themselves to this workspace if they have the appropriate IdP credentials. Every new user that gains access for the first time via SSO will be given the View Only role. Learn more about user roles and permissions here.

Hit Save Settings to save your SSO configuration.

Logging into Crossbeam with SSO

To log in to Crossbeam via SSO, you must have the login URL for your organization. It will look something like this:

https://app.crossbeam.com/login?sso=02f05e41-6e18-4ec6-a297-830ee9b707a9

You can find your specific org's log in on your Settings page:

Visiting that URL should take you to an SSO login landing page in Crossbeam that looks something like this:

If you click Log in with SAML SSO, you will be taken to your IdP's login page. The following example shows Okta's login page:

Logging into your IdP will then subsequently log you in to Crossbeam.

The following help articles cover the IdP set up for Okta & Salesforce:

✍️ Note

If you do not already have a Crossbeam account, one will be created for you upon log in with the View Only user role. Contact an admin on your account to receive any additional permissions.

🎓 Sign in to Crossbeam Academy to further explore SAML SSO!

📄 Related Articles

Related Articles
Crossbeam Copilot for Salesforce
Configuring SAML SSO with Okta
Configure SAML SSO with Salesforce
SSO Exception User for OAuth Integrations with Crossbeam
Installation Guide: Crossbeam for Salesforce (v1)
Did this answer your question?