An Introduction to Single Sign On (SSO)

This article explains how Single Sign On (SSO) works on the Sounding Board platform, what your IT team needs to set it up, and what users can expect at login once SSO is configured.

This article is for IT administrators and Coaching Admins.

How SSO Works on Sounding Board

Sounding Board supports SSO through Security Assertion Markup Language (SAML) 2.0. Once configured, users in your organization can access the Sounding Board platform using your company's identity provider (IdP) — such as Microsoft Entra ID (formerly Azure AD) or Okta — without needing a separate Sounding Board password.

The login page detects each user's authentication setup automatically and displays only the relevant sign-in options for their configuration. There are three possible login modes:

- SSO-only: Users sign in through your company's IdP. No password option is shown.

- Password-only: Users create and use a Sounding Board password. No SSO option is shown.

- Hybrid: Users can choose to sign in with SSO or with a password.

Tip: Your organization's login mode is set at the tenant level by the Sounding Board team based on your SSO configuration request. See the setup steps below.

What Sounding Board Needs to Configure SSO

To configure SSO for your organization, provide the following to the Sounding Board team:

Exported certificate
Login URL / Entry Point
Email domain(s)

Optional: If you want to disable password login and enforce SSO-only access, include this in your request.

ALERT: Disabling password login affects all users with email addresses in the specified domain(s). Users will not be able to log in with a password once this is enforced.

Once the Sounding Board team receives these details, they will confirm when configuration is complete.

SSO Configuration for Multiple Domains

Sounding Board SSO supports multiple email domains. To set this up:

- Provide a list of all domains to the Sounding Board team — they will add these to your tenant.

- Your IT team must also manage any external or guest users in your IdP.

If a user's email is configured in your IdP and their domain has been added to your Sounding Board tenant, login will work automatically.

Implementation Checklist for IT Admins

1. Share user details with your IT team. Provide the names and email addresses of Sounding Board users to your IT team ahead of account creation. IT teams commonly create user or security groups to manage SSO access efficiently.

2. Configure users for SSO access in your IdP. Ensure all Sounding Board users are set up within your identity provider before their accounts are created in Sounding Board.

3. Create user accounts in Sounding Board. A user's email being configured in your IdP is not enough — they must also have an account in the Sounding Board platform. Accounts that don't exist in Sounding Board cannot log in, even if SSO is configured correctly.

4. Upload users through your standard onboarding process. Admins should continue uploading users to Sounding Board as part of their existing onboarding workflow.

5. Welcome emails. Once accounts are created, users will receive a welcome email from Sounding Board. The email CTA routes each user to the correct login experience based on their authentication configuration — SSO-only users will be directed to sign in through your IdP and will not be prompted to create a password.

Tip: SSO-only users will reliably receive a welcome email upon account creation. If users previously reported not receiving onboarding emails, this has been resolved as of the SSO Onboarding UX release.