Authentication methods and Single Sign-On (SSO)

Authentication methods

Steeple offers two authentication methods:

  • Email + password: default method, each employee logs in with their Steeple credentials

  • Single Sign-On (SSO): login via an enterprise identity provider (Azure AD, Okta, Google Workspace)

What is SSO?

SSO (Single Sign-On) allows employees to log in to Steeple with their existing company credentials, without creating a separate account.

Benefits

  • Centralized access management

  • No duplicate accounts

  • Security aligned with the company's tools

  • Ability to automate user provisioning

Protocol

Steeple implements SSO via SAML V2.0.

Important note

Steeple does not support Single Logout (SLO): once the Steeple session is established, it is independent of the identity provider's session and expires according to its own validity period.

Supported identity providers

  • Azure Active Directory (Microsoft Entra ID)

  • Okta

  • Google Workspace

Set up SSO

Configuration is done from Administration > Integrations (/administration/integrations).

SSO with Azure Active Directory

  1. Create a non-gallery enterprise application in Azure (Identity > Applications > Enterprise Applications)

  2. In Steeple: Administration > Integrations > Install, configure the SSO button name and reserved domains

  3. Copy the Steeple metadata into Azure's basic SAML configuration

  4. Configure the user attributes (email, first_name, last_name, provider_identifier)

  5. Copy the federation metadata URL from Azure

  6. Import into Steeple by pasting the URL and clicking "Import metadata"

  7. Assign users and groups in Azure; the administrator who sets it up must also be assigned

SSO with Okta

  1. Create a SAML 2.0 integration in Okta (Applications > Create App Integration)

  2. Copy the Steeple URLs (from Administration > Integrations > Okta SAML > Install) into Okta

  3. Set the Name ID format to EmailAddress

  4. Configure the attributes as specified

  5. Retrieve the metadata URL from Okta's "Sign on" tab

  6. Import into Steeple

SSO with Google Workspace

  1. Create a custom SAML application in Google (Applications > Web and mobile > Add an app)

  2. Download the Google metadata XML file

  3. Configure Steeple metadata in Google Workspace and vice versa

  4. The Google XML file must be hosted at an accessible URL (use secure internal hosting, do not use a third-party public service) to be imported into Steeple

  5. Configure user attributes

Migrating to SSO

  • Same email in the company directory and in Steeple: seamless transition, the existing account is retained

  • Different email: a new account is created; the user must unify their email addresses before migration

Multi-community architectures (parent/child)

For organizations with parent/child communities, it is possible to map identity provider groups to specific Steeple communities. The configuration varies by provider:

  • Azure AD: use group claims with the group's object_id

  • Okta: configure Okta groups (replace spaces with underscores in names)

  • Google Workspace: add the sso_group_id attribute

What the assistant can do

The assistant can guide the user to the Integrations page via navigate_to and explain authentication concepts. For detailed technical setup, direct them to https://help.steeple.com/
