Articles in this section

See more

Authentication Options: Email and Password, Google Sign-In, and SAML SSO

Iterable provides three ways to authenticate members:

  • Email and password
  • Google Sign-In
  • Single Sign-on (SSO) via SAML, using an identity provider (IdP) such as Okta

This article describes these options and how to set them up.

In this article

Authentication methods

You can choose any combination of these methods for members to access your organization.

Email and password

Members can log in to Iterable with their email address and a password that they create.

For new organizations, this is the default sign-in mechanism.

Google Sign-In

With this option, members use Sign in with Google to access their Iterable accounts. Use this option only if your team members have active Google accounts.

To log in with Google Sign-In, members can click Continue with Google on Iterable's login screen:

Continue with Google

NOTES

  • Iterable members must be added to at least one project by an Iterable org administrator, and may use any Google-based email address.
  • Authenticating with Google Sign-In doesn't restrict members by domain—they may use any email that works with Google Sign-In.

Single Sign-on (SSO) via SAML

Authenticate members with single sign-on (SSO), and optionally manage authorization in your identity provider (IdP) as well.

With this option:

  • Members authenticate using single sign-on (SSO).
  • If you'd like, you can manage authorization (Iterable roles and permissions) in your IdP.

SSO customization options

When setting up SSO, you'll need specify how your Iterable organization manages members and their roles, and how those members are allowed to log in to Iterable

To manage Iterable members and their roles, you can either:

  • Rely on your IdP as the source of truth for Iterable org permissions, roles, and project assignments (Use SSO for both authentication and authorization).
  • Allow Iterable administrators to manage org permissions, roles, and project assignments from within Iterable (Use SSO for authentication only).

For member login, you can choose to allow:

  • SAML only—all users must sign in via SSO.
  • SAML and other options—some users use SSO, some use username and password, and/or some use Google Sign-In.

To learn more about Iterable's SSO support, visit Single Sign-On (SSO) Overview.

Signing in with SSO

There are two ways to use an identity provider to sign in to Iterable:

  • Open Iterable from your identity provider's app (IdP-initiated).

  • Enter your email address on Iterable's sign-in screen and click Continue. This redirects you to your IdP for authentication, and then back to Iterable as a logged in member (SP-initiated).

IMPORTANT

As of March 28, 2023, IT administrators must change their SAML settings for Iterable in order to get the best experience. Current settings will be deprecated at a future date.

Until you've completed these changes, all SSO users can log in via the Log in with SSO button on Iterable's login page.

To read the full announcement, visit our release notes.

Setting authentication methods

To select an authentication scheme for your Iterable organization:

  1. Log in to Iterable as a member that has the Manage Members org permission.

  2. Go to Settings > Authentication.

  3. In the Authentication Policy section, click Edit Policy.

  4. Select at least one authentication method:

    Authentication policy settings

    To use SSO for authentication, visit Setting up Single Sign-on (SSO) for instructions.

    NOTE

    Previously, when you selected SSO as an authentication method, you couldn't disable it later to use another method. This is no longer the case.

    If you enable SSO and later need to turn it off, de-select the authentication method on this page and choose another.

  5. Click Save.

Further reading

Related articles

Comments

0 comments

Article is closed for comments.