User authentication

Enable domain-restricted sign upConfigure single sign-on (SSO)
Google and MicrosoftManaged identity providerJust-in-time provisioning
Configure OpenID ConnectConfigure OktaConfigure G SuiteConfigure Azure Active DirectoryConfigure Active Directory Federation Services (AD FS)
More articles
Help homeWorkspace adminUser authentication

Configure single sign-on (SSO)

Dovetail offers multiple ways to log in to a workspace.

Google and Microsoft

On the Team workspace you can instruct your users to authenticate to Dovetail in one click via OAuth 2.0 using their Google or Microsoft account. If they use OAuth 2.0 to create their account, they’ll never need to set a password with us to log in.

Managed identity provider

Business and Enterprise only

This feature is only available on our business and enterprise plans. Business and enterprise workspaces come with additional features and support to meet your organization’s needs. Check out our pricing page for more information on business and enterprise.

Pricing page

You can configure an SSO integration with Auth0, Azure Active Directory, Okta, Google Cloud Identity or any other identity provider that supports OpenID Connect. Enterprise customers also have the ability to enforce SSO for all users in the workspace and disable other log in methods.

Read the following set up guides for common identity providers:

  • Configure Okta

  • Configure Azure Active Directory

  • Configure G Suite

  • Configure Active Directory Federation Services (AD FS)

Just-in-time provisioning

Dovetail supports just-in-time (JIT) provisioning when domain-restricted sign up is enabled for your SSO domain. When domain-restricted sign-up is enabled, a user that tries to log in when they don’t have an account will automatically have a new viewer account created for them. If your identity provider supports custom JWT claims at a per-user level you can optionally override the default viewer role they are first granted on a per-product basis by providing the `default_dvtl_playback_role`, `default_dvtl_markup_role`, and `default_dvtl_backstage_role` keys with a values of either "MANAGER", "CONTRIBUTOR", "VIEWER", or "NO_ACCESS".

Was this article useful?

Related articles

Workspace admin

Configure Okta

Workspace admin

Configure Azure Active Directory

Workspace admin

Configure G Suite

Workspace admin

Configure OpenID Connect

Workspace admin

Enable domain-restricted sign up


David Richard

Senior Software Engineer

Chris Doble

Lead Developer

Matt Davidson

Software Engineer

Article info

Last updated 13 May 2022
1 min read

Get help

Can’t find what you’re looking for? Search through our articles or contact our support team and get a response within 24 hours.

Get help
Get started, free forever

Start free
A few of our customers

See more customers →

PlaybackMarkupBackstageEnterpriseIntegrationsCustomersPricingStatusLog in