Implementing SSO is quick, easy and painless. Contact us to get started.


How is access managed with SSO?

All access is managed from within Reduct as usual. Users must be invited to a project or workspace to access any content, and signing in with SSO does not grant any access by itself.

Does Reduct support just-in-time provisioning?

No, users must sign up or be invited from within Reduct to use the platform. SSO is only used for authentication, and does not grant access to the content in a workspace.

What happens if I can’t log in?

You can contact for any problems with SSO.

Can there be a mix of SSO and non-SSO accounts?

SSO is configured by domain, and enforced for all users with an email address at that domain. You can invite others (such as guests or contractors) with a different email domain, and they won’t be subject to SSO.

What SAML attributes does Reduct support?

Reduct currently uses only the NameID (email), but you’re encouraged to provide a full name, short (first) name, and profile image URL. There’s no spec for these attributes yet, but they may be used in the future.

Configuration details

Configure your Identity Provider using Reduct’s Service Provider configuration XML, located here:

Or manually, as follows:

It’s best if your IdP is configured to allow all users to access the app. Users must be added from within Reduct to have access to content and use paid seats. Once they’re invited, though, your IdP should allow them access.

OneLogin example

Okta example

Did this answer your question?