Single sign-on

How to enable Single Sign-On for your team

Single sign-on (SSO) is a feature that allows you to give your team members one login for all of the platforms your company uses. If you’re an Enterprise client with access to SSO, you can require your team to log in to Lexer using their SSO credentials. This article will walk you through what it is, how it works, and its setup.

Note: setup requires an IT administrator with experience creating applications in your identity provider.

How it works

SSO means that your team members will not log in with their Lexer password, but will instead be directed to your company identity provider to authenticate. This ensures that only active employees from your team can access your Lexer account. It also allows you to enforce your own password policy, multi-factor enrolment rules, and IP whitelisting.

Your team will continue to access Lexer from clients.lexer.io/login; however, when they provide their email address and click ‘Next’, we will check to see if SSO is required for their account and will route them to your company’s identity provider for authentication. Once they have successfully authenticated with their employee credentials, they are sent back to Lexer with permission to access the platform.

We can enforce SSO for your team in two ways:

  1. Anyone in your team with a company email address must authenticate with SSO.
  2. Anyone in a particular group in your team must authenticate with SSO.

Once a user is authenticated using your company identity provider, their Lexer Groups will control access to products, integrations, and feature permissions.

Setup

Configuring SSO for your team requires no setup in your account, and is completely managed by Lexer and your IT administrator. We will configure all of the technical information on your behalf, removing the headache of finding URLs and Certificates.

Your IT administrator will create a Lexer SSO config and provide us with the following:

  • Entity ID - the Identity Provider Entity ID, also called Issuer URL.
  • SSO URL - the URL used to login to your identity provider.
  • Certificate - X.509 certificate offered by your identity provider.

Lexer will configure your SSO and provide your IT administrator with:

  • Assertion Consumer Service URL.
  • Audience URI.

Lexer will assist your IT team in verifying the connection to ensure your team can authenticate using your identity provider. Finally we will enable SSO required for your team and their next login will require authentication via your identity provider.

Additional technical information:

  • Lexer supports SAML 2.0.
  • NameID field is to contain the user’s email address. No other attributes are required.
  • SAML2 request binding is HTTP Post.
  • Request signature algorithm is SHA-256.

User provisioning

Adding new team members to your Lexer account will require an invite from someone in your team with manager permissions. New users will receive a welcome email, instructions to create their account, and will require SSO authentication on their first login. New users will still set up a password in case SSO is ever disabled for your Lexer account.

Access is revoked as soon as a team member is disable in your company identity provider. Their account will continue to exist in Lexer until they are archived or deleted.

What it looks like

Your team will continue to log in at clients.lexer.io by providing their email address:

3584

Then our routing rule will detect that SSO is enabled for that user, and will direct them to your company authentication page. For example, if you're using Microsoft Azure, it will look like this:

3584

Once you have successfully authenticated your team will be taken to the Lexer home page.

Let’s get started

That's all for Single sign-ons and now you can get in touch with your Lexer Success Manager who can help you setup SSO for your team.

Updated:
September 19, 2022
Did this page help you?
Thank you! Your feedback has been received!
Oops! Something went wrong while submitting the form, for assistance please contact support@lexer.io
Welcome to Lexer!
Fundamentals
Getting started
Our glossary
Fundamentals
Getting started
Integrations
Fundamentals
Setup
My account
Fundamentals
Setup
Manage team
Fundamentals
Setup
Group permissions
Fundamentals
Setup
Classifications
Fundamentals
Setup
Out of the box segments
Fundamentals
Setup
Browser guide
Fundamentals
Security
Corporate networks
Fundamentals
Security
Emergency contact
Fundamentals
Security
Multi-factor authentication
Fundamentals
Security
Single sign-on
Fundamentals
Security
Trust and compliance
Fundamentals
Security
Lexer's Identity Resolution
Fundamentals
Identity Resolution
Troubleshooting tech issues
Fundamentals
Troubleshooting
Error code: 503 Service Unavailable
Fundamentals
Troubleshooting
Error code: 401 Unauthorized
Fundamentals
Troubleshooting
Error code: 403 Forbidden
Fundamentals
Troubleshooting
Troubleshooting Activate
Fundamentals
Troubleshooting
Troubleshooting Respond
Fundamentals
Troubleshooting
Help! My data is missing from the Hub
Fundamentals
Troubleshooting
Understanding APIs at Lexer
Data
Data Onboarding
Providing JSON data to Lexer
Data
Data Onboarding
Providing CSV data to Lexer
Data
Data Onboarding
Upload using SFTP
Data
Data Onboarding
Upload using S3
Data
Data Onboarding
Lexer data specification
Data
Lexer Data Specification
Customer data specification
Data
Lexer Data Specification
Commerce data specification
Data
Lexer Data Specification
Marketing data specification
Data
Lexer Data Specification
Compliance data specification
Data
Lexer Data Specification
Data Formatting and Validation
Data
Getting Started with APIs
Authentication and API token creation
Data
Getting Started with APIs
Rate Limits
Data
Getting Started with APIs
Response codes and common errors
Data
Getting Started with APIs
Product imagery
Data
Getting Started with APIs
Currency conversion
Data
Getting Started with APIs
Lexer’s APIs overview
Data
Lexer’s APIs
Dataset management in the Hub
Data
Dataset management
Chatbox user API
Data
Lexer’s APIs
Activity API
Data
Lexer’s APIs
Visualize API
Hidden from nav
Profile Read API
Data
Lexer’s APIs
Lexer Javascript Tag basics
Data
Lexer Javascript Tag
Lexer Javascript Tag technical guide
Data
Lexer Javascript Tag
Lexer Javascript Tag use cases
Data
Lexer Javascript Tag
dataLayer configuration: Shopify
Data
Lexer Javascript Tag
Customer segment CSV export
Data
Data off-boarding
Export to CSV
Data
Data off-boarding
Data in Lexer's CDXP
Understand
Customer Data
Lexer's attributes
Understand
Customer Data
Attribute value types
Understand
Customer Data
Data source - CRM
Understand
Customer Data
Data source - Transactions
Understand
Customer Data
Data source - Email
Understand
Customer Data
Partner data - Experian
Understand
Customer Data
Partner data - Mastercard
Understand
Customer Data
Partner data - Roy Morgan
Understand
Customer Data
GDPR and CCPA requests
Understand
Customer Data
Upload data files
Understand
Customer Data
File upload API
Understand
Customer Data
Data provision and schemas
Understand
Customer Data
Segment overview
Understand
Segment
Creating segments
Understand
Segment
Smart Search
Understand
Segment
Export attribute results
Understand
Segment
Contact a customer
Understand
Segment
Fixing a disabled segment
Understand
Segment
Profile tab
Understand
Segment
Compare segments
Understand
Compare
Compare attributes
Understand
Compare
Activate overview
Engage
Activate
Ongoing activations
Engage
Activate
Audience splits
Engage
Activate
A/B splits
Engage
Activate
Control group splits
Engage
Activate
Inbox filtering
Engage
Respond
Ignored Senders
Engage
Respond
Forms for service
Engage
Respond
Workflow states
Engage
Respond
Bulk changes
Engage
Respond
Scheduled replies
Engage
Respond
Message templates
Engage
Respond
Customer profiles
Engage
Respond
Grouped messages
Engage
Respond
Automation rules
Engage
Respond
Redact messages
Engage
Respond
Track overview
Measure
Track
Activity overview
Measure
Activity
Team report
Measure
Activity
Cases report
Measure
Activity
Listen overview
Measure
Listen
Searching in Listen
Measure
Listen
Tier filters
Measure
Listen
Boolean search
Measure
Listen
Saved dives
Measure
Listen
Email notifications
Measure
Listen
Twitter data
Measure
Listen
Facebook data
Measure
Listen
Instagram data
Measure
Listen
Visualize overview
Measure
Visualize
Curate feed
Measure
Visualize
Report overview
Measure
Report