Back to Dashboard

Documentation

Learn how to use Asyntai

Getting Started
Installation Knowledge Base Test Your AI Manage Websites Customization AI Instructions Tips
Features
Website Crawl Knowledge Gaps Product Cards User Context Live Monitoring Human Takeover Escalation AI Notifications Daily Report Real-Time Data Feed Team Members Single Sign-On Include Images Image Vision Translation Widget Localization Leads Support Tickets Bookings Exclude Pages Smarter Model Enable Thinking Reply Suggestions Follow-up Messages Transcript Download
Analytics
Chat Analytics Chat Logs
Integrations
REST API Instagram Messenger WhatsApp Zapier Email Mobile Apps
Other
Add to Home Screen

Single Sign-On (SSO)

Allow your team to sign in with their company credentials

Configure SSO
Pro Plan

Overview

Single Sign-On (SSO) lets your team members sign in to Asyntai using their existing company credentials from identity providers like Okta, Azure AD, Auth0, Google Workspace, and more.

Instead of creating separate passwords, your team uses the same login they already use for other work apps - making it more secure and easier to manage.

How It Works

  1. You configure SSO - Add your identity provider details in settings
  2. Share the login URL - Give your team the unique SSO login link
  3. Team members sign in - They click the link and authenticate with their company account
  4. They become team members - Automatically added to your team with configured access
SSO Login
User visits SSO link
Redirected to company login
Logged in to Asyntai

Supported Identity Providers

SSO works with any provider that supports OpenID Connect (OIDC), including:

Okta
Azure AD
Auth0
Google Workspace
OneLogin
Any OIDC Provider

Setting Up SSO

To configure SSO for your organization:

1
Create an application in your IdP In Okta/Azure/Auth0, create a new "Web Application" or "OIDC App"
2
Get your credentials Copy the Client ID, Client Secret, and Discovery URL from your IdP
3
Set the callback URL In your IdP, set the callback URL to: https://asyntai.com/sso/YOUR-SLUG/callback/
4
Add provider in Asyntai Go to SSO Settings and enter your provider details
5
Share the login URL Give your team the SSO login link: https://asyntai.com/sso/YOUR-SLUG/login/

Configuration Fields

When adding an SSO provider, you'll need to fill in:

Field Description
Provider Name A friendly name for your SSO connection (e.g., "Acme Corp SSO")
Slug URL-friendly identifier used in the login URL (e.g., "acme-corp")
Discovery URL Your IdP's OIDC discovery endpoint (usually ends in /.well-known/openid-configuration)
Client ID The OAuth Client ID from your identity provider
Client Secret The OAuth Client Secret from your identity provider
Allowed Domains Restrict access to specific email domains (e.g., "acme.com"). Leave empty to allow all.

Domain Restrictions

For additional security, you can restrict SSO access to specific email domains. Only users with email addresses from the allowed domains will be able to sign in.

Example: If you set allowed domains to "acme.com, acme.co.uk", only users with emails ending in @acme.com or @acme.co.uk can use this SSO connection.

Team Member Integration

When someone signs in via SSO, they automatically become a team member linked to your account. This integrates with the existing Team Members feature.

SSO Sign-in User authenticates with company credentials
Auto Team Member Added to your team automatically
Website Access Access assigned websites

Auto-assign Settings

Configure what access new SSO users receive automatically when they first sign in:

Setting Description
Auto-assign all websites Give new SSO users access to all your websites automatically
Select specific websites Choose which websites to auto-assign (if not all)
Can access Setup Permission to view and edit chatbot setup and configuration
Can access Analytics Permission to view conversation analytics and reports

Tip: If you don't configure auto-assign, SSO users will see a "Waiting for Access" page until you manually assign websites via Team Members.

Managing SSO Team Members

After SSO users join your team, you can manage them like any other team member:

  • View all team members - Go to Team Members to see everyone
  • Change website access - Edit which websites each member can access
  • Update permissions - Modify Setup and Analytics permissions
  • Remove access - Remove team members when they leave

Security benefit: When someone leaves your company and loses access to your Identity Provider, they automatically lose the ability to sign in to Asyntai via SSO - no manual removal needed.

Discovery URLs by Provider

Here are the discovery URL formats for common identity providers:

Azure AD https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration
Okta https://{your-domain}.okta.com/.well-known/openid-configuration
Auth0 https://{your-tenant}.auth0.com/.well-known/openid-configuration
Google https://accounts.google.com/.well-known/openid-configuration

Note: SSO is available exclusively on the Pro plan. SSO users count toward your team seat limit.