Organization SSO
Organization admins can use Settings → SSO to let members sign in to a specific organization with an OpenID Connect (OIDC) identity provider.
Before you start
-
Create or confirm each member's RunSafe Platform account and organization membership from Settings → Users.
-
Configure an OIDC application in your identity provider.
-
Add the Platform callback URL to that OIDC application:
https://app.runsafesecurity.com/auth/org-sso/<organization-id>/callbackReplace
<organization-id>with the organization ID from the SSO sign-in URL shown in Settings → SSO.
The identity provider must return a stable subject (sub) claim and a verified email claim. The Platform uses the verified email to find an existing Platform user, then links the provider subject to that user's membership in the organization. SSO sign-in does not create Platform users or organization memberships automatically.
Configure SSO
- Open Settings → SSO.
- Turn on SSO enabled.
- Enter the OIDC Issuer URL.
- Enter the OIDC application Client ID and Client secret.
- Select whether to Require SSO for organization admins.
- Save changes.
- Copy the SSO sign-in URL and share it with members who should sign in through the identity provider.
When SSO is enabled, organization members must use the organization SSO sign-in URL to access that organization. Organization admins can still sign in with email and password unless Require SSO for organization admins is enabled.
Update or rotate the client secret
To rotate the OIDC client secret, enter the new value in Client secret and save changes. If you leave the field blank, the Platform keeps the existing stored secret.