Security Assertion Markup Language (SAML) is a standard of communication between Identity Providers (IDP) and Service Providers (SP) like ClickUp.
ClickUp allows you to use Single Sign-On with any IDP that supports SAML 2.0!
We also have dedicated Single Sign-On integrations available for the following platforms:
Custom SAML is exclusive to the Enterprise Plan. To learn about our different plans, click here.
Enabling Custom SAML
To set up Single Sign-On with a SAML 2.0 Identity Provider (IDP) of your choosing, you must have an Owner or Admin enter the appropriate configuration in your Workspace's
Security & Permissions settings.
In your Workspace's Security & Permissions, select the
SAML option to begin the setup process.
Note: any previous SSO settings that you had configured previously will be overwritten.
Ask your IT team to set up your organization's IDP solution. The exact steps will vary depending on which identity provider solution your organization uses.
NameID of any format is required in the assertion sent from your IDP to ClickUp. No other attributes are required.
We recommended that you do not use
NameID format as email address changes will require you to re-link users (see Step 4 below).
Configure your IDP solution
Provide your IT team with the following information from your ClickUp Workspace:
Audience URI (SP Entity ID)
Single Sign On URL (ACS URL)
You must copy the entire SP Certificate. Any additions or deletions to what is in the text box in your ClickUp Security & Permissions page will cause the configuration to fail.
This information tells the IDP solution how to communicate securely with ClickUp.
Next, we need to tell ClickUp how to communicate securely with your IDP solution.
Once your IT team has configured the IDP, ask them to provide you with the following information:
Issuer URI (IDP Entitity ID)
Login URL (Single Sign On Service URL)
IDP Public Certificate
Note: You do not need to include the certificate header/footers. ClickUp supports signed and encrypted assertions, however, you must use the same certificate key pair for both methods.
Enter the above listed information into ClickUp:
Browse to the
Security & Permissionspage in your Workspace settings
Enter the information in the appropriate fields
Click on Save Metadata
Upon saving these fields, you'll be prompted to login immediately using the new SSO settings. The first time log in process makes sure everything is working!
Important! The first time log in also creates a link between the ClickUp account you are using to set up SSO for your Workspace and the IDP user account that you are logging in with.
Next, we'll verify that your account was linked successfully.
My Settings under your user profile settings and scroll all the way to the bottom of the page.
If the first-time login process was successful, you should see that your ClickUp user profile is now linked to your IDP.
You can use the
Re-link buttons to change which account from your IDP is associated with your ClickUp account.
Set your Login Policy
Each individual user must link their ClickUp account with their account in the IDP in order to log in using SSO.
Browse to the
Security & Permissions tab and you'll see the Login Policy section.
You have three options to choose from:
Require SSO for all users
Require SSO for all users except Guests
Using SSO is optional
You can enable your Workspace to enforce SSO when users log into their ClickUp account.
When this option is enabled, each user will be prompted to link their IDP account with on-screen instructions.
You can choose to require SSO for all users except guests by selecting the second option shown above:
All users except guests must use SAML auth.
The next time users log in, or when newly invited users accept an invitation to join your Workspace, they will see the following screen:
If a newly invited user is creating a brand new ClickUp account, they will need to set a password for their ClickUp account before accepting the Workspace invitation and setting up SSO using SAML.
This is a requirement even if you enforce SSO in your Workspace, as the user may create, or be invited to, other Workspaces that do not enforce SSO using SAML.
Once the user completes the sign-in with SAML, their ClickUp account will be linked with their user account from your IDP.
If you do not require SSO to login to your organization's Workspace, select the third option:
Using SAML auth is optional.
Each user will have the option to manually link their account in order to use SSO to log in.
Instructions for users:
Click on your Avatar in the lower-left corner of your Workspace
Click on My Settings
Scroll all the way to the bottom of the My Settings page
Click on the
Linkbutton next the SAML provider listed under Single Sign On
Sign in to your IDP user account as prompted
You can now use SSO to sign into ClickUp! Your Workspace and users can now use SSO with your IDP solution.