Skip to main content

SSO Frequently Asked Questions

FAQ for ObservePoint's Single Sign-On System

Product Enablement avatar
Written by Product Enablement
Updated over 2 weeks ago

Q: Can we use federated SSO to log users into ObservePoint without requiring them to set or store a password?

A: Yes, ObservePoint supports IdP-initiated SAML.

Q: Is it correct to assume that full name and email would still need to be stored with each account?

A: Yes, ObservePoint provisions a “user” record with name and email from your identity provider.

Q: Can accounts be provisioned automatically (e.g., via SSO login) with a predefined base level of access (e.g., read-only access)?

A: Yes, ObservePoint supports the auto-provisioning of new users with a “standard” access level. Account admins can disable this feature if needed. Typically, customers configure a security group in the IdP to allow-list the users they want to grant access to ObservePoint, ensuring it’s appropriate to automatically assign them the standard access level.

Q: If we have an automated system for data subject access/delete requests, or if an employee account is removed from our corporate directory, are there automated ways to remove the user record from ObservePoint?

A: Yes, ObservePoint has an API that can be called with the API key of an admin user to delete user records.

Q: Does ObservePoint prevent users from logging in via username and password when my account uses SSO?

A: Yes, ObservePoint prevents all SSO users from logging in directly. If a user which belongs to an account with SSO enabled attempts to log in via direct username and password, ObservePoint redirects them to the account's SSO system.

Q: Can I link multiple ObservePoint accounts to the same IdP application?

A: No. The SAML protocol prevents linking multiple ObservePoint accounts to a single IdP application. To link multiple ObservePoint accounts to the same company's IdP, you will need to create multiple "applications" in your IdP for each ObservePoint account.

Did this answer your question?