Skip to main content

Setup SSO

Single Sign-On (SSO) allows users to sign in to the sayhii desktop app and portal using their existing corporate credentials. This makes access seamless and secure—no need for users to remember yet another password.

When your organization is created, sayhii will set up an initial administrator account using our built-in authentication. You’ll use this admin account to log in and configure your corporate identity provider for SSO access.

tip

You’ll want to loop in your IT department for this setup. Make sure the person handling SSO has admin-level access to your corporate identity provider.

warning

Once configured, the SSO integration will automatically provision new accounts for any users who are granted access through your identity provider.

If you plan to upload users via CSV or connect through an HRIS, we recommend syncing user accounts before assigning access via SSO. Auto-provisioned SSO accounts may not align correctly with demographic data from other sources.

Want a walkthrough? This video covers everything you need to set up your identity provider:


Supported Identity Providers

sayhii supports both pre-configured and custom identity provider connections.

Pre-configured connections include:

  • Okta Workforce
  • Google Workspace
  • Microsoft Entra
  • ADFS
  • Active Directory / LDAP
  • Ping Federate

Custom connections supported:

  • SAML
  • OpenID Connect

Testing Your SSO Setup

Before enabling SSO for your full organization, we recommend a quick test to ensure everything is configured correctly.

Step-by-Step Testing Process

  1. Create a test group in your identity provider
    Add a small number of users (or just yourself) to this group. This lets you test SSO without giving access to everyone at once.

  2. Assign sayhii access to the test group
    In your identity provider, assign sayhii access to the group you just created.

  3. Log in using a test user
    Open the sayhii portal or desktop app and choose the SSO login option. Sign in using one of the test accounts.

  4. Check the results in sayhii

    • Did the user land in the portal or desktop app successfully?
    • Was the user auto-provisioned correctly?
    • Is demographic information (name, department, etc.) displaying as expected?

  5. Verify account alignment
    If you’re also using an HRIS or CSV upload, double-check that the test user wasn’t duplicated and that demographic data matches.

  6. Test different devices
    Try logging in on both the desktop app and the web portal to confirm consistent behavior across platforms.

  7. Remove test access (optional)
    Once testing is complete, you can remove sayhii access from the test group or repurpose the accounts.

🛠 Troubleshooting Tips

  • Issue: User can’t log in
    Make sure the user is assigned the sayhii application in your identity provider.

  • Issue: Auto-provisioned user is missing information
    Confirm that demographic data was synced before enabling SSO for that user. If not, you may need to update manually or through HRIS/CSV.

  • Issue: Unexpected users appear in sayhii
    Double-check group-based access rules in your identity provider. SSO provisioning is automatic on user login—any user with access may show up in sayhii.