Single Sign-On Overview

Single Sign-On (SSO) offers the ability for an external service (e.g. Microsoft Active Directory, Google) to authenticate your organization's users to Pitchly.

Note: Single Sign-On is not available by default in Pitchly's plans. It is negotiated and configured on a plan-by-plan basis.

Single Sign-On Process Flow

  1. User visits Pitchly sign-on page and provides their email address.

  2. SSO is detected for user and they are redirected to their organization's login page.

  3. Login credentials (email/username and password) are authenticated against their organization's identity provider/authentication service.

  4. SSO service passes back a signal to Pitchly that a successful sign-on/authentication has occurred.

  5. The user is automatically logged into and placed in the Pitchly application.

Troubleshooting

If your company's users encounter problems using your SSO service to authenticate to Pitchly, there are a few things to keep in mind to help troubleshoot.

1) The Email Address Must Match All The Way Through

Pitchly maintains a single e-mail address for each user in our system and that e-mail address must match at all points in the SSO process outlined above.

Example: User whose email is pitchlyuser@yourcompany.com

  • Step 1 - Pitchly sign-on screen: User enters pitchlyuser@yourcompany.com

  • Step 2 - Your company's SSO: User enters pitchlyuser@yourcompany.com (and password)

  • Step 5 - After successful SSO authentication, Pitchly expects to receive from your SSO provider: pitchlyuser@yourcompany.com

2) The Email Domain Must Be Listed in Pitchly

In addition to a single email address for each Pitchly user, a list of email domains eligible for SSO is also stored within your company's Pitchly settings. (In the example above, the email domain is: yourcompany.com)

The SSO email domain list is created and maintained by Pitchly tech support staff and is intended as an added layer of security. Any new or changed email domains within your organization must be communicated to us to prevent SSO sign-in errors.

Note: Microsoft's cloud-based offerings sometimes put their own branding in the email domain, e.g. yourcompany.onmicrosoft.com - While either domain at the end of an email address may authenticate within your SSO system, it will not ultimately match the final Step 5 above, where Pitchly is expecting pitchlyuser@yourcompany.com.

In this scenario, both checks on the full email address itself and the email domain with "onmicrosoft" in it would fail to authenticate with Pitchly (Step 5).

Screenshots for Microsoft AD

PreviousApp ID & App Secret

Last updated