Single Sign-On (SSO)

Single sign-on (SSO) is available on the Enterprise plan. Please speak to a member of the Count team to discuss enabling SSO for your workspace.

Configuring SSO for your workspace

Count supports OIDC SSO, and is compatible with a broad range of identity providers. See the following pages for more help on the configuration steps required for your provider:

Domain verification

SSO only becomes active once ownership of the appropriate domains has been proven. After adding an SSO domain, a unique verification code is generated.

Add this code to your DNS records and select Verify to confirm ownership of the domain. This step is usually quick, but in some cases can take up to 72 hours.

Copy the domain verification code from the Count SSO settings tab
Copy the domain verification code from the Count SSO settings tab

Info

Once SSO has been configured for a workspace, the email domain whitelist in the workspace settings will have no effect, and the SSO domain list will take precedence.

SSO options

Once SSO is configured and at least one domain has been verified, there are several options to further customise behaviour.

Enforce SSO

If SSO is enforced, users will only be able to access this workspace and its resources if they have most recently signed in using SSO.

Public canvases are still visible to everyone if SSO is enforced, but will only be editable if the viewer has signed in using SSO.

Info

Workspace owners can always log in using any method, regardless of this setting. If you encounter an issue signing in using SSO, contact your workspace owner to resolve the issue.

Automatic provisioning

If this setting is enabled, any user signing in with an email address at one of the verified domains will automatically be added to this workspace with a member role.