You will learn
Learn how to set up single sign-on (SSO) in Klaviyo.
This feature is only available for Klaviyo One users. You must be an Admin or Owner to set up this feature.
Single sign-on (SSO) helps protect you, as well as your customers, by making your account more secure. If you have Klaviyo One and have SSO set up for your business, you can require users to log in to Klaviyo using their SSO credentials.
Before you begin
If you want SSO on your account, we suggest reaching out to your company’s IT department to help you set this up.
If you use identity provided (IdP) single sign-on (SSO), you can use this to log into Klaviyo. Security assertion markup language 2.0 (SAML 2.0) SSO gives members access to Klaviyo through an IdP of your choice.
Examples of IdP SSO providers include Okta, Auth0, Google, OneLogin, Microsoft Azure AD, and more.
Note that once SSO is enabled and just-in-time (JIT) provisioning is turned on, you can only update the user's role inside of the IdP and will not be able to update any roles inside of the Klaviyo app. To update any roles, you can either do it inside of your IdP or temporarily turn off JIT and update inside of Klaviyo.
Create a workplace ID
You must have a workplace ID to set up SAML SSO in Klaviyo.
Users can go directly to your company's custom URL (e.g., www.klaviyo.com/sso/workplace/<id>) to log into the application. We recommend telling users to bookmark this URL to help speed up the login process.
Tips for creating a workplace ID:
- The ID cannot be longer than 63 characters
- The ID must be URL safe, so it can contain only upper- or lowercase letters, hyphens (-), periods (.), underscores (_), and tildes (~)
- The ID should be simple and easy for users to remember (such as your company name)
- For example, Klaviyo’s workplace ID is “Klaviyo”
Set up SAML SSO
- In Klaviyo, click your organization name in the bottom left corner
- Click Account & billing
- Select Security
- Click Set up SSO
- Copy the Klaviyo SSO URL
- In a new tab, log in to your SSO provider
- Find the confirmation settings for your provider
- Paste in the Klaviyo SSO URL and save
- Navigate back to the Security tab in Klaviyo
- Choose to either:
- Add in your IdP issuer and SSO
Or - Upload a file with this information
- Add in your IdP issuer and SSO
- Add your IdP certificate
- Add the identifier (also called the workplace ID) for your SSO login (often, this is the same name as your company)
- Click Test SSO
- Check the Enable SSO box
- Optional: check one or more of the following boxes
- Require SSO for all users
- IdP initiated log in
- Just-in-time (JIT) provisioning