As your organization grows, managing access becomes more than just logging in. It becomes about control, security, and consistency across your team. Single Sign-On (SSO) allows you to bring Puzzle into that system by connecting it directly to your identity provider.
With SSO enabled, access to Puzzle is no longer handled in isolation. It becomes part of how your organization already manages authentication, ensuring that the right people have access in the right way, without added friction.
💡 Plan Requirement: Single Sign-On (SSO) is available on the Enterprise plan only. If you don’t see the Security tab in your Organization settings, your current plan may not include SSO access.
🔐 Why Use SSO?
🔑 Centralized authentication: Manage access through your identity provider instead of separate logins.
⚡ Seamless login experience: Users sign in with their existing work credentials.
🛡️ Stronger security controls: Apply your organization’s authentication policies across Puzzle.
👥 Scalable access management: Easily onboard and manage users as your team grows.
Step-by-Step Guide to Enable SSO
Follow the steps below to set up Single Sign-On for your organization and ensure your team can log in securely.
1️⃣ Access the SSO Settings
1️⃣ Access the SSO Settings
Go to your Organization view
Open the Security tab (shield icon in the sidebar) If you don’t see this tab, SSO may not be enabled on your plan.
Only Owners and Admins can access this section.
2️⃣ Configure Your SSO Connection
2️⃣ Configure Your SSO Connection
Follow these steps to connect Puzzle with your identity provider:
Copy the ACS URL and SP Entity ID from Puzzle
Add these values when creating a Puzzle app in your identity provider (e.g., Okta)
After setting up the app, copy your provider details and add them into Puzzle:
SSO Domain
IdP SSO URL
IdP Entity ID / Issuer
X.509 Certificate
Click Save to store your configuration
💡 If you're unsure where to find these values, your IT team or identity provider can help.
3️⃣ Understand the Login Experience
3️⃣ Understand the Login Experience
Once SSO is enabled, Puzzle automatically guides users through the correct login flow.
Invited users
Click the invitation link
Automatically redirected to your identity provider
Logged in and taken into Puzzle
Existing users
Click Sign in with SSO on the login page
Enter their work email
If the domain matches your organization, they are redirected to your provider
If the domain is not recognized
Users will see a message and can log in using another method
4️⃣ Test Your Setup
4️⃣ Test Your Setup
Before rolling SSO out to your team:
Click Test Connection in the Security tab
Confirm that authentication works successfully
If the test fails:
Double-check your inputs
Make sure values match your identity provider
5️⃣ (Optional) Require SSO for All Users
5️⃣ (Optional) Require SSO for All Users
You can enforce SSO across your organization by enabling:
Require SSO for all users
When enabled:
Users must log in through your identity provider
Standard email/password login is restricted for your domain
Conclusion
Enabling SSO aligns Puzzle with how your organization already manages access. It centralizes authentication, simplifies onboarding, and ensures your team can sign in securely using the systems they trust.
Once configured, your team can access Puzzle seamlessly while your organization maintains full control over access management.