How to set up single sign-on for Klaviyo One users

read
Last updated at:

You will learn 

Learn how to set up single sign-on (SSO) in Klaviyo. 

This feature is only available for Klaviyo One users. You must be an Admin or Owner to set up this feature. 

Why use SSO

Single sign-on (SSO) helps protect you, as well as your customers, by making your account more secure. If you have Klaviyo One and have SSO set up for your business, you can require users to log in to Klaviyo using their SSO credentials. 

Before you begin

If you want SSO on your account, we suggest reaching out to your company’s IT department to help you set this up.

If you use identity provided (IdP) single sign-on (SSO), you can use this to log into Klaviyo. Security assertion markup language 2.0 (SAML 2.0) SSO gives members access to Klaviyo through an IdP of your choice.

Examples of IdP SSO providers include Okta, Auth0, Google, OneLogin, Microsoft Azure AD, and more. 

Note that once SSO is enabled and just-in-time (JIT) provisioning is turned on, you can only update the user's role inside of the IdP and will not be able to update any roles inside of the Klaviyo app. To update any roles, you can either do it inside of your IdP or temporarily turn off JIT and update inside of Klaviyo. 

Create a workplace ID

You must have a workplace ID to set up SAML SSO in Klaviyo. 

Users can go directly to your company's custom URL (e.g., www.klaviyo.com/sso/workplace/<id>) to log into the application. We recommend telling users to bookmark this URL to help speed up the login process. 

Tips for creating a workplace ID: 

  • The ID cannot be longer than 63 characters
  • The ID must be URL safe, so it can contain only upper- or lowercase letters, hyphens (-), periods (.), underscores (_), and tildes (~)
  • The ID should be simple and easy for users to remember (such as your company name)
    • For example, Klaviyo’s workplace ID is “Klaviyo”

Set up SAML SSO

  1. In Klaviyo, click your organization name in the bottom left corner
  2. Click Account & billing
  3. Select Security 
  4. Click Set up SSO 
    Security tab in Klaviyo
  5. Copy the Klaviyo SSO URL
    SSO configuration page showing where you can copy the Klaviyo SSO URL and Audience URI
  6. In a new tab, log in to your SSO provider
  7. Find the confirmation settings for your provider
  8. Paste in the Klaviyo SSO URL and save
  9. Navigate back to the Security tab in Klaviyo
    Entire SSO configuration page
  10. Choose to either:
    1. Add in your IdP issuer and SSO
      Or
    2. Upload a file with this information
  11. Add your IdP certificate
  12. Add the identifier (also called the workplace ID) for your SSO login (often, this is the same name as your company)
  13. Click Test SSO
  14. Check the Enable SSO box 
  15. Optional: check one or more of the following boxes
    1. Require SSO for all users
    2. IdP initiated log in
    3. Just-in-time (JIT) provisioning
      Options for using SSO once it's been set up

Additional resources

x
Was this article helpful?
3 out of 12 found this helpful