Kondo supports SAML SSO on the Enterprise plan for teams that need centralized login through their identity provider (e.g. Okta, Azure AD, OneLogin). With SSO enabled, your team signs into Kondo using their company credentials. Your IT admin controls who has access by assigning or unassigning the Kondo app in your identity provider.Documentation Index
Fetch the complete documentation index at: https://docs.trykondo.com/llms.txt
Use this file to discover all available pages before exploring further.
What SSO gives you
- Centralized access — IT controls who can access Kondo from your identity provider
- MFA enforcement — your company’s MFA policies apply to Kondo logins
- Automatic offboarding — when someone leaves and IT disables their account, they can no longer sign into Kondo
- New employee access — employees get a Kondo account automatically the first time they sign in through SSO
How to set up SSO
Reach out to us at [email protected] to get started. Here’s what the setup looks like:-
Your IT admin creates a SAML app for Kondo in your identity provider (e.g. Okta), using these URLs:
- Single sign-on URL (ACS URL):
https://yfcccyfridujjjlodvkz.supabase.co/auth/v1/sso/saml/acs - Audience URI (Entity ID):
https://yfcccyfridujjjlodvkz.supabase.co/auth/v1/sso/saml/metadata - Name ID format:
EmailAddress
- Single sign-on URL (ACS URL):
- Your IT admin assigns employees to the app
- Send us your SAML metadata URL and email domain at [email protected]
- We enable SSO for your domain — your team can start signing in
How your team signs in
- Go to the Kondo login page
- Click Sign in with SSO
- Enter your work email address
- You’ll be redirected to your company’s login page (e.g. Okta)
- Sign in with your company credentials
- You’ll be redirected back to Kondo, signed in