Single Sign-On (SSO) offers the ability for an external service (e.g. Microsoft Active Directory, Google) to authenticate your organization's users to Pitchly.
Note: Single Sign-On is not available by default in Pitchly's plans. It is negotiated and configured on a plan-by-plan basis.
Single Sign-On Process Flow
- The user visits the Pitchly sign-on page and provides their email address.
- SSO is detected for the user, and they are redirected to their organization's login page.
- Login credentials (email/username and password) are authenticated against their organization's identity provider/authentication service.
- The SSO service passes back a signal to Pitchly that a successful sign-on/authentication has occurred.
- The user is automatically logged into and placed in the Pitchly application.
If your company's users encounter problems using your SSO service to authenticate to Pitchly, there are a few things to keep in mind to help troubleshoot.
Pitchly maintains a single e-mail address for each user in our system and that e-mail address must match at all points in the SSO process outlined above.
Example: User whose email is firstname.lastname@example.org
- Step 1 - Pitchly sign-on screen: User enters email@example.com
- Step 2 - Your company's SSO: User enters firstname.lastname@example.org (and password)
- Step 5 - After successful SSO authentication, Pitchly expects to receive from your SSO provider: email@example.com
In addition to a single email address for each Pitchly user, a list of email domains eligible for SSO is also stored within your company's Pitchly settings. (In the example above, the email domain is: yourcompany.com)
The SSO email domain list is created and maintained by Pitchly tech support staff and is intended as an added layer of security. Any new or changed email domains within your organization must be communicated to us to prevent SSO sign-in errors.
Note: Microsoft's cloud-based offerings sometimes put their own branding in the email domain, e.g. yourcompany.onmicrosoft.com. While either domain at the end of an email address may authenticate within your SSO system, it will not ultimately match at the final Step 5 above, where Pitchly is expecting firstname.lastname@example.org.
In this scenario, both checks (the one on the full email address itself and the one on the email domain, which has "onmicrosoft" in it) would fail to authenticate with Pitchly (Step 5).
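The two checks described above (full email address and SSO email domain list) can be reproduced offline when troubleshooting a rejected sign-in. The following is an added example, not Pitchly's code: the class and function names are hypothetical, the sample addresses are constructed from the yourcompany.com domain mentioned above, and reporting case-only differences separately is an assumption about what is useful to see, not a statement of how Pitchly compares addresses.

```python
from __future__ import annotations
from dataclasses import dataclass


def split_email(address: str) -> tuple[str, str]:
    """Return (local_part, domain); the domain is lower-cased because DNS names are case-insensitive."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return local, domain.lower()


@dataclass
class SsoCheck:
    """Hypothetical model of the two checks: stored address and SSO domain list."""
    stored_email: str          # the single address kept for the user
    allowed_domains: set[str]  # the account's SSO email domain list

    def diagnose(self, entered: str, asserted: str) -> list[str]:
        """Compare the address typed at sign-on and the one the identity provider returned."""
        problems: list[str] = []
        allowed = {d.lower() for d in self.allowed_domains}
        s_local, s_dom = split_email(self.stored_email)
        for label, addr in (("entered at sign-on", entered),
                            ("returned by IdP", asserted)):
            local, dom = split_email(addr)
            if dom not in allowed:
                problems.append(f"{label}: domain {dom} is not on the SSO domain list")
            if (local, dom) == (s_local, s_dom):
                continue  # exact match with the stored address
            if local.lower() == s_local.lower() and dom == s_dom:
                problems.append(f"{label}: differs from stored address only by case")
            else:
                problems.append(f"{label}: {addr} does not match stored address")
        return problems


if __name__ == "__main__":
    # Constructed sample: the IdP returns the onmicrosoft.com form of the address.
    user = "firstname.lastname@yourcompany.com"
    check = SsoCheck(stored_email=user, allowed_domains={"yourcompany.com"})
    for finding in check.diagnose(user, "firstname.lastname@yourcompany.onmicrosoft.com"):
        print(finding)
```

An empty result means the address matched at every point; each returned line names the step where the mismatch was introduced.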
But as always, we're flexible—if your organization prefers to provide access by invite only, Pitchly can accommodate.
Account Administrators have the option of setting default account permissions for all new users – our recommended best practice is to set the default permission to read-only.
Administrators have the power to adjust the permission level of individual team members within the Manage Users view of the account.
We are capable of supporting a wide array of connections including Microsoft Azure Active Directory, SAML, and Active Directory/LDAP.
To activate SSO on your Pitchly account, reach out to your Account Executive or email Pitchly Support.
We’d love to hear from you. If you have any feedback on product enhancements or additional questions, email the team at PitchlySupport@pitchly.com.