SSO and SAML Setup: Centralizing Your Organization's Access

Last updated: April 22, 2026

asset_7HPmVGDWbscJpjE2o5VA6nCi_DALL-E 3, A clean, modern digital workspace banner, overhead perspective. On a minimalist light-colored desk, abstract glowing digital nodes representing various identity providers ar.png

Introduction

Scenario supports Single Sign-On (SSO) via SAML 2.0 for organizations that want to simplify access management. When enabled, team members log in to Scenario using their company credentials: no separate Scenario password required.

Note: SSO is exclusively available on the Enterprise plan. Please contact your account manager to enable this feature for your organization.

Supported Identity Providers

Scenario's SAML 2.0 integration is compatible with most enterprise identity providers:

  • Okta

  • Microsoft Azure Active Directory (Entra ID)

  • Google Workspace

  • OneLogin

  • Custom Providers: Any identity provider that supports SAML 2.0 is likely compatible. If yours is not listed, contact support for a custom configuration.

Before You Begin

To ensure a smooth setup, you will need Admin access to both Scenario and your identity provider (IdP). Have these ready:

  1. Admin credentials for your IdP.

  2. Access to Organization Settings in Scenario.

Configuration Workflow

Step 1: Scenario Configuration

  1. Click your organization's initials (upper left) and select Manage Organization.

  2. Navigate to the Security tab.

  3. Under Single Sign-On, click Configure SSO.

  4. Copy the Scenario ACS URL and Entity ID: You will need these for your IdP.

Step 2: Identity Provider (IdP) Configuration

While steps vary by provider, the general process remains consistent:

  1. Create a New SAML App: Set up a new application within your IdP console.

  2. Enter URLs:

    • ACS URL (Reply/Callback URL): Use the value from Scenario.

    • Entity ID (Audience URI): Use the value from Scenario.

  3. Map Attributes: Ensure the following assertions are mapped correctly:

Attribute

Status

Purpose

Email Address

Required

Primary user identifier

First Name

Recommended

User profile display

Last Name

Recommended

User profile display

  1. Assign Users: Grant access to the users or groups intended to use Scenario.

  2. Metadata: Download the SAML metadata XML file or copy the Metadata URL.

Step 3: Completing the Setup

  1. Return to Scenario Organization Settings > Security > Single Sign-On.

  2. Upload the XML file or paste the Metadata URL.

  3. Click Save and Test Connection.

  4. Once successful, enable SSO Enforcement.

What to Expect After Activation

  • Redirection: New and existing members will be redirected to your IdP login page.

  • Provisioning: Access is managed through your IdP. If you remove a user there, they lose access to Scenario.

  • Data Preservation: Existing members' projects, models, and assets remain intact after switching to SSO.

Frequently Asked Questions

Can I still use password-based login?

Admins retain password-based login as a fallback for troubleshooting. Standard members are required to use SSO.

What happens if the IdP goes down?

Members will be unable to log in during an outage. Admins can contact Scenario support to temporarily disable enforcement if needed.

Is SCIM supported?

SCIM for automated provisioning is currently on the roadmap. For now, manage memberships via the Members tab in Organization Settings.