Iterable provides three ways to authenticate members:
- Email and password
- Google Sign-In
- Single sign-on (SSO), using an identity provider (IdP) such as Okta
This article describes these options and how to set them up.
In this article
You can choose any combination of these methods for members to access your organization.
Email and password
Members can log in to Iterable with their email address and a password that they create.
For new organizations, this is the default sign-in mechanism.
With this option, members use Sign in with Google to access their Iterable accounts. Use this option only if your team members have active Google accounts.
To log in with Google Sign-In, members can click Continue with Google on Iterable's login screen:
- Iterable members must be added to at least one project by an Iterable org administrator, and may use any Google-based email address.
- Authenticating with Google Sign-In doesn't restrict members by domain—they may use any email that works with Google Sign-In.
Single sign-on (SSO) via SAML
Authenticate members with single sign-on (SSO), and optionally manage authorization in your identity provider (IdP) as well.
With this option:
- Members authenticate using single sign-on (SSO).
- If you'd like, you can manage authorization (Iterable roles and permissions) in your IdP.
SSO customization options
When setting up SSO, you'll need specify how your Iterable organization manages members and their roles, and how those members are allowed to log in to Iterable.
To manage Iterable members and their roles, you can either:
- Rely on your IdP as the source of truth for Iterable org permissions, roles, and project assignments (use SSO for both authentication and authorization).
- Allow Iterable administrators to manage org permissions, roles, and project assignments from within Iterable (use SSO for authentication only).
For member login, you can allow:
- SAML only—all users must sign in via SSO.
- SAML and other options—some users use SSO, some use username and password, and/or some use Google Sign-In.
To learn more about Iterable's SSO support, visit Single Sign-On (SSO) Overview.
Signing in with SSO
There are two ways to use an identity provider to sign in to Iterable:
- Open Iterable from your identity provider's app (IdP-initiated).
- Enter your email address on Iterable's sign-in screen and click Continue. This redirects you to your IdP for authentication, and then back to Iterable as a logged in member (SP-initiated).
As of March 28, 2023, IT administrators must change their SAML settings for continued login support. To read the full announcement, visit our release notes.
Setting authentication methods
To select an authentication scheme for your Iterable organization:
Log in to Iterable as a member that has the Manage Members org permission.
Go to Settings > Authentication.
In the Authentication Policy section, click Edit Policy.
Select at least one authentication method:
To use SSO for authentication, visit Setting up Single Sign-on (SSO) for instructions.
Previously, when you selected SSO as an authentication method, you couldn't disable it later to use another method. This is no longer the case.
If you enable SSO and later need to turn it off, de-select the authentication method on this page and choose another.