Back to Help Center
SSO/SAML Setup
Single sign-on allows your team to log in using your company's identity provider instead of separate passwords.
Supported Providers
Okta
SAML 2.0 app integration
Azure AD
Enterprise Application with SAML
Google Workspace
Custom SAML app in Admin Console
OneLogin
SAML connector (advanced)
Setup Steps
- 1Go to Settings > SSONavigate to your organisation settings and select the SSO tab.
- 2Choose your identity providerSelect from the preset list or choose "Custom SAML" for other providers.
- 3Enter SAML detailsProvide the Entity ID (Issuer URL), SSO Login URL, and X.509 certificate from your IdP.
- 4Set allowed domainsOptionally restrict SSO to specific email domains (e.g. yourcompany.com).
- 5Enable and testToggle the configuration to active and test with a team member.
Enforcing SSO
Once SSO is active, you can optionally enforce it for all users. This disables email/password login and requires everyone to authenticate through your identity provider.
Before enforcing SSO, make sure all team members have accounts in your identity provider. Enforcing SSO will lock out anyone without IdP access.
Attribute Mapping
Renewly maps standard SAML attributes automatically. By default, email and name are mapped. You can customise the attribute names if your IdP uses different field names.
FAQ
Can I have multiple SSO providers?
Yes, you can configure multiple providers. Users will be matched based on their email domain.
What happens if SSO is disabled?
Users fall back to email/password authentication. Existing sessions remain active.
Is SSO available on all plans?
SSO is available on the Pro plan and above.