Skip to main content

What is SAML SSO?

SAML 2.0 (Security Assertion Markup Language) is an industry-standard protocol that lets your team sign in to EmailBison using your company’s existing identity provider (such as Microsoft Entra ID (Azure AD), Okta, Google Workspace, OneLogin, or JumpCloud) instead of a separate username and password. In SAML terms, your identity provider (IdP) vouches for who your users are, and EmailBison acts as the service provider (SP) that trusts those assertions.

Why use it?

One less password - your team signs in with the company credentials they already use every day. Centralized access control - grant or revoke access to EmailBison directly from your identity provider. When someone leaves your organization, disabling their IdP account removes their access. Your security policies apply - multi-factor authentication, device policies, and conditional access rules enforced by your IdP automatically apply to EmailBison. Automatic account creation - new team members get an EmailBison account the first time they sign in. No manual invitations needed.

How signing in works

A user visits their organization’s dedicated sign-in link, e.g. https://app.example.com/sso/emailbison. They’re redirected to your identity provider’s familiar sign-in page. Your IdP verifies their identity (including any MFA your organization requires). The IdP sends a signed, encrypted assertion back to EmailBison confirming who they are. They’re signed in and land in EmailBison within a couple of seconds. If your team uses an app dashboard (like the Okta home page or the Microsoft 365 app launcher), users can also start from there: clicking the EmailBison tile signs them straight in.

How signing out works

Signing out of EmailBison ends the EmailBison session. If your organization enables SAML Single Logout (SLO), signing out can also end the session at your identity provider, so a shared or public computer isn’t left signed in elsewhere. We’ll configure this with you based on your preference during setup.

What we’ll need from you

Setup takes about 15 minutes with your IT administrator: You send us your identity provider’s metadata URL (or metadata XML file). Your IT admin can find this in your IdP’s admin console. For example, Entra ID calls it the “App Federation Metadata URL,” and Okta shows it under the application’s Sign On tab. We send you back our service provider details (Entity ID, ACS URL, and metadata) to paste into your IdP’s application settings. We run a test sign-in together, then enable it for your whole team.

Get started

To get your organization connected, please contact us via your dedicated slack channel