Writer supports SAML Single Sign-On (SSO), allowing integration with Okta, Google, Ping Identity, and OneLogin.
To configure SSO in Writer, head to the
Admin Panel at the top right of the Writer dashboard.
SAML SSO in the left menu.
Add your email domain. Confirm the email domain that you have set up with your IdP. Only users with this domain will be able to log in via SAML SSO. You can add more than one email domain.
Select your Identity Provider from the drop-down menu.
Upload your SAML metadata xml file. This file is provided by your identity provider (IdP).
Add the Writer SAML endpoint to your IdP's setup form:
Use this endpoint for single sign-on URL, recipient URL, and destination URL.
If you need to enter an audience restriction, use:
We accept both first_name and family_name as mapping attributes. Make sure to add those attributes in your SAML settings (if you're using gsuite, you'll find this in your admin config) so we can populate the first and last name of user when they create a profile in Writer for the first time.
Once you've uploaded the xml file, you can
Configure SSO settings.
First, you can
Allow uninvited users to create an account via SAML SSO. By allowing this, if users from your organization don't already have a Writer account, an account will be auto-created for them when they sign in with SSO. If you enable this option, you'll need to select a
default team for these users.
Tip: If you're unsure whether to allow or disable this option, you can disable it during initial setup. Any user with admin access can allow this option at a later date without needing to otherwise reconfigure the SSO setup.
Next, you can
Allow team members to create passwords and sign in without SSO. By allowing this, users from your organization can create their own passwords and sign into their Writer accounts without SSO. By disabling this, users will only be able to sign in with SSO.
Tip: If you decide to block users from singing in with a password, we advise that you do not disable this setting until you have fully tested your SSO setup. You might block all users, including admins, if there's an error in the setup.