Yes! Our SSO options are detailed below.
Access to SAML SSO is dependent on your FullStory plan. Please contact your Account Executive or firstname.lastname@example.org to learn more.
FullStory can integrate with your company's Single Sign-On solution so that team members can log in to FullStory using their SSO credentials. This eliminates the need for your users to have separate FullStory credentials, and enables you to apply the same authentication policies to FullStory as you do with your other enterprise apps.
Just-in-Time (JIT) Provisioning
Spend less time provisioning accounts and ensure only the right employees have access with Just-in-Time (JIT) provisioning for SAML. New users can be automatically provisioned when they first log in from your enterprise SAML SSO sign-in page.
Currently, customers using our Umbrella Management for multiple accounts will only be able to use JIT provisioning for one account.
Which Identity Providers do we support?
Our SSO offering supports all major Identity Providers who use the SAML 2.0 protocol. This includes Okta, Azure AD, and many others.
Which SSO flows do we support?
We support both Service Provider-initiated SSO (in which users log in via a FullStory login page) as well as Identity Provider-Initiated SSO (in which users log in from your IdP dashboard).
How is SSO configured?
SSO configuration is handled “behind the scenes” in collaboration with your FullStory account team. There are currently no in-app settings related to SSO.
Can I choose to require SSO for all team members?
Yes! When SSO is initially configured, it defaults to “optional” mode. In optional mode, users can log in with a FullStory username and password or with SSO. At any time, your FullStory admin can toggle your plan from "optional" mode to "required" mode from your Team Settings page. Once "required" mode has been enabled all users will be required to log in with SSO and users will no longer be able to log in with their usernames and passwords.
Anything else I should know?
Today, deleting a user from your Identity Provider does not automatically delete them from your FullStory team. To free up their seat, you’ll also need to manually delete them from FullStory.
The ability to authenticate with Google is available to all customers. Team administrators can choose to require all team members to log in via Google. You can learn more about Google Authentication in this article. Note that Just-in-Time provisioning is not supported for Google Authentication at this time.