> ## Documentation Index
> Fetch the complete documentation index at: https://docs.introw.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Single Sign-On

> Let your team and your partners sign in through your identity provider with SAML - centralized access, your security policy, and one less password for everyone.

> Security teams want one place to grant and revoke access, and users want one less password. Single sign-on connects Introw to your identity provider with SAML, for both your internal team and your partner portal.

## What it does

Single sign-on lets people log in to Introw through your identity provider using SAML. Internal SSO
covers your own team's access to Introw, and portal SSO covers how partners sign in to the portal. In
both cases, your identity provider becomes the source of truth for who can access what, and you map the
identity attributes that identify each user.

When you turn on SSO, sign-in follows your existing policies, so onboarding and offboarding a user
happens in the same place you manage the rest of your stack, no separate password to provision or
revoke.

## The problem it solves

Standalone logins are a security and admin burden on both sides of the partnership:

* **Access lives outside your identity provider** → SAML makes your IdP the source of truth for sign-in.
* **Offboarding a user means hunting down every tool** → Revoke in your IdP and access to Introw ends.
* **Partners juggle yet another password** → Portal SSO lets partners use their own identity provider.
* **Security review stalls the rollout** → Standard SAML configuration meets existing policy.

## From problem to solution

Configure SAML once for your team and, where partners require it, for the portal. Sign-in then follows
your identity provider for everyone, so access is centralized, auditable, and consistent with the rest
of your security posture.

## Use cases

<CardGroup cols={2}>
  <Card title="Centralize team access" icon="circle-check">
    Manage internal sign-in from your IdP.
  </Card>

  <Card title="Offboard cleanly" icon="circle-check">
    Revoke access in one place.
  </Card>

  <Card title="Meet partner security" icon="circle-check">
    Let partners sign in via SAML.
  </Card>

  <Card title="Pass security review" icon="circle-check">
    Use standard SAML configuration.
  </Card>
</CardGroup>

## Impact

* **Trust and accuracy** - Access follows your identity provider and security policy.
* **Low total cost of ownership** - Admins configure SSO directly, no engineering required.

## Who it's for

<CardGroup cols={2}>
  <Card title="CRM Administrator" icon="user">
    Owns identity and access policy.
  </Card>

  <Card title="Economic Buyer" icon="user">
    Needs a de-risked, compliant rollout.
  </Card>
</CardGroup>

## Works with

{/* CONNECTS:START - generated content goes here */}

<CardGroup cols={2}>
  <Card title="Portal Access" icon="browser" href="/features/portal/portal-access">
    Partners sign in to the portal through SSO.
  </Card>

  <Card title="Team Management" icon="shield-halved" href="/features/access/team-management">
    SSO authenticates users; roles set what they can do.
  </Card>

  <Card title="Custom Domains" icon="browser" href="/features/portal/custom-domains">
    Run SSO on your branded portal domain.
  </Card>
</CardGroup>

## Going deeper

<CardGroup cols={2}>
  <Card title="How to" icon="screwdriver-wrench" href="./technical">
    Setup, configuration, and all how-to guides.
  </Card>

  <Card title="API reference" icon="code" href="/general/introduction">
    Integration surface and code.
  </Card>
</CardGroup>
