Single Sign-On (SSO)

Enterprise

Single Sign-On (SSO) is an authentication process that enables users to access multiple applications using a single set of login credentials. This feature is available to all Basis Theory Enterprise customers, providing a seamless and secure login experience.

Setting up SSO initially requires an existing Basis Theory account (Username-Password, Google, or GitHub). After configuration, Basis Theory can transfer tenant ownership to a new SSO account, allowing you to discontinue using the previous account.

Supported Authentication Protocols

SSO with Basis Theory can be configured using the following identity protocols/providers:

• Okta
• OpenID Connect (OIDC)
• Security Assertion Markup Language (SAML)

Enforcing SSO

As an additional login control for a tenant, SSO can be enforced for all tenant users. An existing SSO connection must be configured before enabling this option.

Enforcing SSO can be enabled in the Customer Portal by navigating to the tenant Settings page from the sidebar, selecting the Identity tab, and enabling the Enforce SSO option. Click on Save Changes to confirm.

All users which accounts are not using SSO will be removed from the tenant.