What is SSO?

Single Sign-On lets your team access OptiDev using their existing company login — the same one they use for email, Slack, or other work apps.

Benefits:
  • One password — no separate OptiDev account to remember
  • IT control — manage access through your identity provider
  • Instant offboarding — when someone leaves, access is revoked automatically

How It Works

┌──────────────┐      ┌──────────────┐      ┌──────────────┐
│    User      │ ───► │  Your IdP    │ ───► │   OptiDev    │
│  clicks      │      │ (Okta/Azure) │      │   account    │
│  "Sign In"   │      │  verifies    │      │   created    │
└──────────────┘      └──────────────┘      └──────────────┘
  1. User visits OptiDev and clicks Sign in with SSO
  2. They’re redirected to your company’s login page (Okta, Azure AD, etc.)
  3. After entering their company credentials, they’re sent back to OptiDev
  4. OptiDev creates their account automatically on first login

Before You Start

You’ll need:

Admin access to your IdP

You need to create a new SAML application in Okta, Azure AD, or your identity provider.

Your company email domain

The domain you want to enable SSO for (e.g., yourcompany.com).

Setup Guides

Choose your identity provider:
Using a different identity provider? Contact support — we support any SAML 2.0 compliant IdP.

What Happens After Setup

For Your Team

  • Employees visit OptiDev and click Sign in with SSO
  • They enter their company email and are redirected to your IdP
  • After authentication, they land in OptiDev — account created automatically

For IT Admins

  • New employees get OptiDev access through your IdP (no manual invites)
  • Terminated employees lose access immediately when disabled in your IdP
  • You control which groups/teams can access OptiDev

Managing Users

Once SSO is enabled, user management happens in your identity provider:

| Task | Where to Do It |
|------|----------------|
| Add a new user | Your IdP (Okta/Azure AD) |
| Remove a user | Your IdP — disable or remove from the app |
| Reset password | Your IdP — OptiDev doesn’t store passwords |
| Change user’s role | OptiDev workspace settings (after they’ve logged in) |

Users must log in at least once before you can assign them to workspaces or change their role in OptiDev.

Troubleshooting

  • Verify the user is assigned to the OptiDev app in your IdP
  • Check their email domain matches your SSO-enabled domain
  • Confirm SSO is fully configured and tested
  • The email domain may not be linked to your SSO setup
  • Contact your IT admin to verify domain configuration
  • New SSO users need to be added to a workspace after first login
  • Ask your workspace admin to invite them

For Developers

SAML Configuration

  • Protocol: SAML 2.0
  • SP Entity ID: https://auth.optiprime.com/saml/{organization_id}
  • ACS URL: https://auth.optiprime.com/saml/{organization_id}/acs
  • SP Metadata: GET https://auth.optiprime.com/saml/{organization_id}/metadata

Supported IdPs

  • Okta
  • Microsoft Azure AD (Entra ID)
  • Google Workspace
  • Any SAML 2.0 compliant provider

User Provisioning

  • JIT (Just-In-Time) provisioning on first login
  • Attributes synced: email, firstName, lastName, displayName
  • Group memberships passed as raw SAML attributes
  • Workspace/role mapping configured per-product
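
When a test login fails or a JIT account is created with missing fields, the usual cause is an IdP app whose Audience, Recipient or released attributes do not match the SP values above. The following is an added example, not OptiDev code: it checks a decoded assertion captured from your own test login, and it assumes the SAML attribute names equal the synced names listed above; `org_example` and the sample assertion are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "https://auth.optiprime.com/saml/"   # SP Entity ID prefix from this page
# Assumption: SAML attribute names equal the synced attribute names listed above.
REQUIRED = ("email", "firstName", "lastName", "displayName")

def check_assertion(xml_text, organization_id, sso_domain):
    """List configuration problems in a decoded test assertion.
    Does not verify the signature or the validity window."""
    entity_id = BASE + organization_id
    acs_url = entity_id + "/acs"
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience must be {entity_id}, got {audiences}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient must be {acs_url}, got {recipients}")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"missing attribute: {name}")
    email = attrs.get("email", "")
    if email and email.rpartition("@")[2].lower() != sso_domain.lower():
        problems.append(f"email domain of {email} is not {sso_domain}")
    return problems

# Constructed sample: Recipient lacks /acs and displayName is not released.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://auth.optiprime.com/saml/org_example"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://auth.optiprime.com/saml/org_example</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>ana@yourcompany.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastName"><saml:AttributeValue>Diaz</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, "org_example", "yourcompany.com"):
        print("FAIL:", problem)
```

An empty result means the IdP app is pointed at the right SP and releases every attribute used for provisioning; it says nothing about whether the assertion is validly signed.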

Security

  • IdP certificates encrypted at rest (AES-256-GCM)
  • SAML assertions validated server-side
  • All authentication attempts logged for audit