As the owner, SSO allows you to select who has access to your Phrase account by using your existing identity provider/SSO solution.
Your users will be able to access the Phrase account, as long as they’re logged in to your organisation’s identity provider system.
Within your identity provider solution, you will be able to take control of the following rights:
- Manage who is able to access Phrase
- Update user details (first/last name)
Once SSO is enabled, you will still be able to manage all user roles within your Phrase account.
SAML SSO is available to all customers on Pro and Exclusive Plans.
How to set up SAML SSO?
In order to activate SAML SSO, you must be be logged in as the owner of that account.
Choose SSO in your account navigation.
Enable SSO and follow the setup steps below.
You can find the information that you need, in order to setup Phrase with your identity provider in the first part of the SSO settings.
Fill in the information from your identity provider in the second part of the SSO settings.
Auto Provisioning and Enforced SSO
Note that Auto Provisioning has to be enabled, in order to automatically set up a new Phrase account for users that don't have access to Phrase yet.
Those user accounts will initially have a translator role with limited rights but can be changed by a manager at any times.
When clicking the Enforce SSO box, a password based login won't be possible anymore.
Set up SSO in okta
Please note: Administrative access in your okta instance is required to set up SSO in okta . This process is only accessible within the Classic UI in okta.
To configure Phrase SSO with okta, do the following:
Log in to okta. Make sure that you are in the administrative instance of your okta developer account.
Open the applications settings
Create a new application
Update the SAML settings with the information provided in your Phrase SSO settings.
Finish the setup process and view the SAML 2.0 settings provided by okta
Copy and paste those settings provided by okta into your Phrase SSO settings.
Does multi-account login work between non-SSO accounts?
Yes. Switching between non-SSO accounts works.
Does multi-account login work between SSO and non-SSO accounts?
No. If you are a collaborator on multiple accounts, switching from or to accounts that are SSO-enabled will not be allowed for security reasons. To log into a non-SSO account, logout and login to your non-SSO account with your e-mail and password on phrase.com.
How to revoke a user’s access
Within Phrase you can remove the user so he/she will not be able to access any projects anymore. To revoke the access completely, you have to revoke the rights within your Identity Provider.