Pitchly Knowledge Base
  • Welcome to Pitchly!
  • Announcements
    • Q2 Product Updates Simplify Document Generation
  • Account Management
    • Manage Database
    • Permissions
  • Applications
    • Slides
    • Proposals
    • Forms
      • My Forms (all users)
      • Remove Responses
      • Editing form instructions
      • Manage a form
      • Forms Has Gone Dark
    • Documents
      • Conditional formatting
      • Copy templates across tables
      • Search text or images from a table
      • Undo and redo buttons
      • Table of Reference
  • Integrations
    • Templafy
    • SQL Connect
    • Zapier
    • API Keys
      • Creating an API Key
      • API Key Permission Options
      • Editing API Keys
      • App ID & App Secret
  • Single Sign-On
    • Single Sign-On Overview
Powered by GitBook
On this page
  • Single Sign-On Process Flow
  • Troubleshooting
  • 1) The Email Address Must Match All The Way Through
  • 2) The Email Domain Must Be Listed in Pitchly
  • Screenshots for Microsoft AD

Was this helpful?

Export as PDF
  1. Single Sign-On

Single Sign-On Overview

Single Sign-On (SSO) offers the ability for an external service (e.g. Microsoft Active Directory, Google) to authenticate your organization's users to Pitchly.

PreviousApp ID & App Secret

Last updated 5 years ago

Was this helpful?

Note: Single Sign-On is not available by default in Pitchly's plans. It is negotiated and configured on a plan-by-plan basis.

Single Sign-On Process Flow

  1. User visits Pitchly sign-on page and provides their email address.

  2. SSO is detected for user and they are redirected to their organization's login page.

  3. Login credentials (email/username and password) are authenticated against their organization's identity provider/authentication service.

  4. SSO service passes back a signal to Pitchly that a successful sign-on/authentication has occurred.

  5. The user is automatically logged into and placed in the Pitchly application.

Troubleshooting

If your company's users encounter problems using your SSO service to authenticate to Pitchly, there are a few things to keep in mind to help troubleshoot.

1) The Email Address Must Match All The Way Through

Pitchly maintains a single e-mail address for each user in our system and that e-mail address must match at all points in the SSO process outlined above.

Example: User whose email is pitchlyuser@yourcompany.com

  • Step 1 - Pitchly sign-on screen: User enters pitchlyuser@yourcompany.com

  • Step 2 - Your company's SSO: User enters pitchlyuser@yourcompany.com (and password)

  • Step 5 - After successful SSO authentication, Pitchly expects to receive from your SSO provider: pitchlyuser@yourcompany.com

2) The Email Domain Must Be Listed in Pitchly

In addition to a single email address for each Pitchly user, a list of email domains eligible for SSO is also stored within your company's Pitchly settings. (In the example above, the email domain is: yourcompany.com)

The SSO email domain list is created and maintained by Pitchly tech support staff and is intended as an added layer of security. Any new or changed email domains within your organization must be communicated to us to prevent SSO sign-in errors.

Note: Microsoft's cloud-based offerings sometimes put their own branding in the email domain, e.g. yourcompany.onmicrosoft.com - While either domain at the end of an email address may authenticate within your SSO system, it will not ultimately match the final Step 5 above, where Pitchly is expecting pitchlyuser@yourcompany.com.

In this scenario, both checks on the full email address itself and the email domain with "onmicrosoft" in it would fail to authenticate with Pitchly (Step 5).

Screenshots for Microsoft AD

Step 1 - Pitchly Login Screen
Step 2.1 - Your company's SSO prompt
Step 2.2 - User provides their email & password to your SSO