Single Sign-on

You can configure your organization's Studio accounts to use single sign-on (SSO). When users enter an email associated with an SSO-enabled organization, they are directed to an identity provider login portal, ultimately integrating into your organization's identity and access management (IAM) solution.

SSO offers several advantages:

  • Increased security, leveraging any multi-factor authentication steps enforced by your identity provider.
  • Direct control, allowing administrators to set up or revoke user access in existing user admin tools.
  • Streamlined authentication, directing users to an existing log-in portal rather than forcing users to manage a new set of credentials.

Note: If you are interested in setting up SSO for your organization, please reach out to us.

SSO User Experience

Studio utilizes domain discovery to determine whether the user's email belongs to an enterprise organization. This means that when a user enters their email, our SSO system will automatically detect their enterprise organization.

The user experience is as follows:

  1. The user enters their organization email on Studio's log-in page.
  2. If the email is associated with an enterprise organization, the user is redirected to your identity provider's authentication portal.
  3. Once (or if already) verified, the user is returned to Studio, now logged in to their enterprise account.

Depending on your organization's IAM solution, several verification actions (passing tokens, assertions, etc.) are conducted between each step. This information can be provided via custom, private documentation.

Set up SSO

To enable SSO on your account, contact your Studio representative. Foursquare will configure SSO on the customer's behalf.

Required Information

Our team will require a set of information to fully configure SSO for your organization.

Required information varies between identity providers. For example, a SAML connection requires the following information:

  • Sign in URL
  • X509 signing certificate
  • Sign out URL (if available)
  • SAML token attributes for user id, email, first/last name, and email verification status
  • IdP-initiated SSO behavior preferences

Supported Identity Providers

Studio currently supports Security Assertion Markup Language (SAML) for single sign-on.

Support for other identity providers is available upon request. These providers include, but are not limited to:

  • Active Directory/LDAP
  • ADFS
  • Azure Active Directory Native
  • Azure Active Directory
  • Google Workspace
  • OpenId Connect
  • Okta
  • PingFederate
  • WS-Fed
  • OAuth2

IdP-intiated SSO Behavior Preferences

IdP-initiated SSO behavior refers to calling the Foursquare Studio application from a client’s identity provider portal.

This configuration is supported, but is optional and disabled by default. Instead, service provider initiated SSO behavior is assumed. This behavior refers to the Foursquare Studio application being called from a browser using the application URL.