Skip to main content
OpenCX supports enterprise single sign-on on Enterprise plans. Teams log in through your identity provider (Okta, Azure AD / Entra ID, Google Workspace, or any SAML 2.0 / OIDC IdP) instead of per-user email + password.
SSO isn’t self-serve yet. Contact [email protected] to start onboarding — we’ll work with your IdP admin to exchange metadata, assign the right attributes, and cut over without disrupting active sessions.

What onboarding covers

  • Protocol — SAML 2.0 or OIDC. Pick whichever your IdP handles best.
  • Provisioning — Just-in-time user creation on first login. SCIM provisioning is available on request.
  • Enforcement — Per-organisation toggle that forces every member to go through the IdP. Break-glass access for the billing owner stays available in case of IdP downtime.
  • Group → role mapping — Map IdP group claims to OpenCX roles (admin, agent, viewer) so directory changes propagate automatically.

What you’ll need before the call

  1. The IdP you plan to use.
  2. Admin access to that IdP (to exchange metadata and create the app).
  3. The OpenCX organisation ID you want to enable SSO on — find it at Settings → Organisation.
  4. The email domain(s) you want bound to this organisation.
  • Bug bounty program — report a vulnerability in our SSO implementation or anywhere else.