Manage your SSO connection

Open Beta

This feature is currently in open beta and available to all organizations.

Port allows company admins to configure SSO (single sign-on) directly from the portal.
This self-serve flow guides you through connecting your identity provider (IdP) to Port.

Prerequisites

This feature is available for enterprise accounts only.
Your account must use the multi-organization architecture.
You must be a company admin to configure SSO.
You need access to your identity provider's admin console to create and configure applications.

Setup

Follow these steps to configure SSO for your company:

Step 1: Initiate the SSO setup

Go to the Builder page of your portal.
Click on Organization settings in the left sidebar.
Navigate to the SSO tab.
Click the Set up SSO connection button.

URL validity

A unique SSO setup link will be generated for you, it will be valid for 5 hours after you first open it, or 5 days if you don't open it. You can copy and save the link to complete the setup later.

Step 2: Configure your identity provider

After clicking the continue button, you will be guided to configure the SSO connection.
The following identity providers are supported:

Okta
Entra ID
Keycloak
ADFS
Google Workspace
PingFederate
Custom SAML
Custom OIDC

The setup process is guided by Auth0's self-service assistant, which walks you through each step including creating an application in your IdP, configuring the connection, mapping claims, and testing the SSO integration. For a detailed example walkthrough of the assistant flow, see the Auth0 Self-Service SSO documentation.

Complete the configuration in your identity provider's admin console following the on-screen instructions.

Step 3: Monitor the connection status

While configuring your IdP, the Port UI displays the current status of your SSO connection:

Status indicator	Description
	The setup process is in progress or hasn't been verified yet.
	The SSO connection was successfully created and verified.
	The SSO connection setup failed. See the troubleshooting section below for resolution options.

Once you have completed the configuration in your identity provider, the window should update automatically. Otherwise click the Setup is Done button in Port to indicate that the process is finished.

Manage the connection

After the SSO connection is successfully established, you can configure the following options:

Set group filters - Click Set Group Filters to control which IdP groups sync into Port teams. You can use regular expressions (RegEx) to define allowed and blocked group patterns.

Group filter playground
The group filter configuration in Port is a playground for testing your RegEx patterns. Your patterns will be saved, but the groups themselves are not modified. Group management should always be done in your identity provider's admin console. Groups that are already synced to Port will appear by default in the playground, allowing you to test how your filters would affect them.
Block social login for domains - Your configured domains are displayed here. You can toggle social login blocking per domain. When enabled for a domain, users with email addresses from that domain must sign in through your SSO provider and cannot use social login methods (such as Google or GitHub sign-in). To add more domains, use Edit Connection.
Session settings - Click Session Settings to configure the maximum session duration (in minutes) for your SSO users.
Edit connection - Click Edit Connection to open the Auth0 management interface where you can modify your SSO configuration, including adding or managing domains associated with your SSO connection as well as managing the client secret.

Limitations

Terraform is not supported for self-serve SSO setup.

Troubleshooting

If you encounter one of the following issues, use the table to identify and resolve it:

Error	Cause	Resolution
Connection not created	The SSO connection was not created in Auth0.	Click `Start Again` to generate a new setup URL and repeat the configuration process or click `Setup is Done` once you complete the process.
Linking failed	The SSO provider is connected, but linking to the company in Port failed.	Contact Port's support team for assistance.

FAQs

Can we use multiple SSO providers? (click to expand)

No. Port supports only one SSO provider per company at a time.

How do we switch providers? (click to expand)

You need to delete the existing connection and start the setup process from the beginning. There is no migration path between SSO providers.

Prerequisites​

Setup​

Step 1: Initiate the SSO setup​

Step 2: Configure your identity provider​

Step 3: Monitor the connection status​

Manage the connection​

Limitations​

Troubleshooting​

FAQs​