Community now supports optional Single Sign-On (SSO) so your team can securely log in using your company credentials — no need to manage separate passwords.
Single Sign-On (SSO) is available on the following Community plans:
- Advanced
- Professional
- Premier
- Ultimate
Not sure which plan you’re on or need to upgrade? Reach out to your Account Executive or contact Support.
This guide explains how SSO works and what your organization needs to get started.
What is SSO?
Single Sign-On (SSO) allows members of your organization to log in to Community using the same credentials they use for other company tools (e.g., Okta, Microsoft Entra ID, OneLogin).
This helps:
- Simplify access for team members
- Improve security through centralized authentication
- Eliminate the need to manage multiple usernames and passwords
What is Currently Included?
- SSO is optional. Users can still log in using their Community username and password.
- Supports both IdP-initiated and SP-initiated SSO flows.
- SSO setup is currently managed by Community’s Support and Services teams.
- Enforcement of SSO-only login is not available at this stage.
How SSO Login Works
Community supports two ways to log in with SSO: either by starting from your company’s internal SSO dashboard (IdP-initiated) or by entering your work email directly on the Community login page (SP-initiated). Both options let you access your account without needing a separate password — and if you’re heading to a specific page, we’ll take you straight there after login.
The following section walks through the user experience for both IdP- and SP-initiated SSO flows.
Option 1: IdP-Initiated Login
- Go to your company’s SSO dashboard (e.g., Okta, Entra).
- Click on the Community app tile.
- You’ll be logged in to Community automatically — no password required.
Option 2: SP-Initiated Login
- Go to Community Login.
- Click Sign in with SSO.
- Enter your work email address.
- You’ll be redirected to your company’s login page.
- After logging in, you’ll be redirected back to Community and signed in.
💡 If you already had a deep link (like a campaign or message page), we’ll drop you right where you left off.
How to Set Up SSO for Your Organization
To set up SSO, your IT team will need to provide a few details from your Identity Provider (IdP):
Required Information
| Field | Description |
| Entity ID | Unique identifier for the Community app (usually a URI, e.g., https://community.com/sso/metadata) |
| ACS URL | The endpoint where your IdP sends the login response. Usually: https://community.com/sso/acs |
| Public Certificate (X.509) | Used to verify SAML responses |
| Domains | One or more email domains to route through SSO (e.g., yourcompany.com) |
Once you have this information, send it to your Community point of contact or open a Support ticket. Our team will configure your SSO setup and confirm when it’s ready.
⚠️ Important: SSO setup is not currently self-serve. All configuration is handled by the Community team.
Testing and Troubleshooting
After setup, we recommend:
- Testing with a few users before rolling out broadly.
- Trying both login methods (via SSO dashboard and Community login page).
- Confirming that users can access deep links after SSO login.
If you run into issues:
- Double-check that your domain is configured correctly.
- Make sure your IdP settings match Community’s ACS URL and Entity ID exactly.
- If needed, our team can check SAML logs to help debug.
FAQ
Can users still log in with a username and password?
Yes — SSO is optional in this phase. Users can choose either method.
Can we enforce SSO for all users?
Not yet. Enforced SSO (i.e., password login disabled) is coming in a future update.
Can we manage SSO settings ourselves?
At this time, setup is managed by Community. We’ll notify you when self-service options become available.
What if a user has multiple Community accounts?
They’ll be prompted to choose the right account after logging in with SSO.
Need Help?
If you’re ready to set up SSO or have questions, reach out to yourfriends@community.com.