Objective
Learn more about how single sign-on (SSO) works with the Outreach platform through answers to common questions.
Applies To
- Outreach Users
Frequently Asked Questions
Will enabling SSO for Outreach cause any problems for those who have already logged in via email/password
Enabling SSO while some users are currently logged in shouldn't invalidate their sessions immediately. Currently logged in users will simply need to log back in as soon as their current session times out, and the new login will be via their SSO provider. There should be no disruption, assuming users are already familiar with logging in with SSO.
Is it possible to have some users sign in via SSO and others using email and password?
No, once the SSO is enabled, it will apply to all the users in the instance.
Does Outreach support provisioning a license through our SSO provider if we run out of licenses? For example, when a new sales rep joins the team and they log in to our SSO provider for the first time, what happens if we are out of Outreach licenses?
You won't be able to add licenses via SSO. If you have the additional licenses already, you can auto-provision seats through your SSO provider, but we'll need your explicit permission to add additional seats to your subscription overall.
If our SSO provider went down, can we sign into Outreach without using SSO (ie via the Outreach website)?
Once SSO is enabled, it becomes the only way to access your org's Outreach seats. In the unlikely event that your SSO provider goes down, you would need to contact your CSM or the Outreach support team to have them disable SSO for your org, at which point all users who need to log in would need to create a new password and use that to log in.
Can I set up SSO with Multiple Orgs?
If your company has multiple Outreach orgs, there may be some additional considerations when setting up SSO.
If your Outreach orgs have no users in common, Admins will need to create an application for each org in your SSO provider's interface and your users will be assigned to one or the other. Each user should only see the org they are assigned to and no additional set up should be required.
If your Outreach orgs have common users, Admins will need to use a custom email address for the second organization so that the two addresses are not identical. For example, if the email address you use for the first Outreach instance is jane.smith@example.com, your address for the second instance could be jane.smith+sales@example.com. You'll also need to set up the second instance of Outreach to use a NameID instead of email. For more information regarding configuring NameID, refer to the Advanced Settings for Identity Provider (SSO) article.
Does Outreach provide the Azure Tenant URL?
No, that should normally be provided by Azure and their support team.
Can I configure automatic SCIM provisioning via Azure AD?
No, for automatic SCIM provisioning, Outreach currently does not support a gallery app for Azure; however, we provide a SCIM API via OAuth. (See also: Outreach SCIM Protocol.)
Can orgs with SSO enabled use the Guest Access feature?
Yes, Guest Access can be used fully irrespective of whether SSO has been set up for the instance. For SSO customers, this provides flexibility and an additional layer of security and access control, accommodating both:
- SSO accounts for Guests
- Outreach-specific Guests who have no access to any other resource inside the company
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article