Single Sign-On (SSO) is an authentication process that utilizes external identity providers (IdP) such as G Suite. Kibela currently allows users to login using their G Suite account.

SSO using G Suite Authentication

Set up SSO

Ask your owner or admin to configure G Suite authentication by accessing “Settings” ⇢ “Single Sign-On.” Once SSO is enabled, all user sessions will be deactivated and they will need to login with their G Suite account. 

Just-in-Time Provisioning

Kibela supports Just-in-Time Provisioning (JIT provisioning). This allows unregistered users to create new accounts on-demand when they first log in to Kibela using G Suite authentication. Thus, once the SSO is configured, there is no need to invite users  when new team members join. 

What happens to existing accounts when SSO is enabled

For accounts registered before SSO activation, if the email addresses matches with the SSO enabled accounts, the users can continue to log in using their G suite credentials. 

If they use an email address not registered on Kibela, they can create a new account with their unregistered account using JIT provisioning. 

Deprovisioning

 If a team member leaves and their G Suite account has been deactivated, Kibela will automatically deactivate their G Suite bound Kibela account. However, this action will only occur once a day, therefore a deactivated user's Kibela account may be active for a maximum of 24 hours. If you wish to deactivate immediately, please do so from the “member management” setting.  

SSO with SAML 2.0

We currently support only G Suite authenticated SSO, but we plan to support SAML 2.0 authenticated SSO. This feature will only be available on the Enterprise Plan. 

Did this answer your question?