1. Knowledge Base
  2. Account Administration

Single Sign-On (SSO)

Single Sign-On (SSO) offers the ability for an external service (e.g. Microsoft Active Directory, Google) to authenticate your organization's users to Pitchly.

Note: Single Sign-On is not available by default in Pitchly's plans. It is negotiated and configured on a plan-by-plan basis.

Single Sign-On Process Flow

Pitchly SSO Overview
  • The user visits Pitchly sign-on page and provides their email address.
  • SSO is detected for users and they are redirected to their organization's login page.
  • Login credentials (email/username and password) are authenticated against their organization's identity provider/authentication service.
  • SSO service passes back a signal to Pitchly that a successful sign-on/authentication has occurred.
  • The user is automatically logged into and placed in the Pitchly application.

Troubleshooting

If your company's users encounter problems using your SSO service to authenticate to Pitchly, there are a few things to keep in mind to help troubleshoot.

1) The Email Address Must Match All The Way Through

Pitchly maintains a single e-mail address for each user in our system and that e-mail address must match at all points in the SSO process outlined above.

Example: User whose email is pitchlyuser@yourcompany.com

  • Step 1 - Pitchly sign-on screen: User enters pitchlyuser@yourcompany.com
  • Step 2 - Your company's SSO: User enters pitchlyuser@yourcompany.com (and password)
  • Step 5 - After successful SSO authentication, Pitchly expects to receive from your SSO provider: pitchlyuser@yourcompany.com
2) The Email Domain Must Be Listed in Pitchly

In addition to a single email address for each Pitchly user, a list of email domains eligible for SSO is also stored within your company's Pitchly settings. (In the example above, the email domain is: yourcompany.com)

The SSO email domain list is created and maintained by Pitchly tech support staff and is intended as an added layer of security. Any new or changed email domains within your organization must be communicated to us to prevent SSO sign-in errors.

Note: Microsoft's cloud-based offerings sometimes put their own branding in the email domain, e.g. yourcompany.onmicrosoft.com - While either domain at the end of an email address may authenticate within your SSO system, it will not ultimately match the final Step 5 above, where Pitchly is expecting pitchlyuser@yourcompany.com.

In this scenario, both checks on the full email address itself and the email domain with "onmicrosoft" in it would fail to authenticate with Pitchly (Step 5).

Screenshots for Microsoft AD

Screenshot from 2020-03-25 15-03-58

Screenshot from 2020-03-25 15-04-08
 Screenshot from 2020-03-25 15-05-49

 

 

But as always, we're flexible—if your organization prefers to provide access by invite only Pitchly can accommodate.

 

Account Administrators have the option of setting default account permissions for all new users – our recommended best practice is to set the default permission to read-only.

 

 

Administrators have the power to adjust the permission level of individual team members within the Manage Users view of the account.

 

We are capable of supporting a wide array of connections including Microsoft Azure Active Directory, SAML, and Active Directory/LDAP.

To activate SSO on your Pitchly account reach out to your Account Executive or email Pitchly Support.

 

We’d love to hear from you. If you have any feedback on product enhancements or additional questions, email the team at PitchlySupport@pitchly.com.

 

Did this answer your question?