Owners can configure bypass SSO for individual users.
What you'll need
- SSO using Google is available on the Business Plan and above.
- SSO using Microsoft, Okta, and SAML are available on our Enterprise Plan.
- A Workspace owner or admin must enable SSO for your Workspace.
Enable bypass SSO
To enable the bypass feature:
- In the upper-left corner, click your Workspace avatar.
- Select Settings, then Security & Permissions.
- In the Login policy section, select bypass SSO for selected users.
Apply the bypass feature to individual users
Owners or admins can apply the bypass feature to individual users.
To apply the bypass feature to individual users:
- In the upper-left corner, click your Workspace avatar.
- Select Manage users.
- To the right of the user's name, in the Settings column click the ellipsis ... menu.
- Select Allow bypass SSO.
- To the right of their name in the bypass SSO column, the user now has a closed lock icon.
- Users without bypass SSO have an open lock icon.
Disable bypass SSO
Bypass SSO cannot be disabled for individual users.
To disable this feature for individual users, admins or owners can:
- Remove the user from your Workspace.
- Invite them again.
- Select another SSO setting from Security & Permissions.
To disable this feature on the Workspace level, an owner can:
- Remove any users that have bypass SSO enabled from your Workspace.
- You can invite them again and select another SSO setting from Security & Permissions.
View users with bypass SSO enabled
To view the users that have this feature enabled:
- Select Manage users.
- To the right of user's names in the bypass SSO column, users with the feature have a closed lock icon. Users without bypass SSO have an open lock icon.
Bypass SSO security
Secure access via ClickUp's Employee Identity Provider (IDP)
When a ClickUp support member is added with the bypass SSO option, they must be managed through ClickUp's Employee Identity Provider (IDP). This ensures they adhere to best practices, including using ClickUp's password policies, SSO, and Multi-Factor Authentication (MFA) settings. They cannot access customer workspaces until they log in through ClickUp's IDP/SSO with MFA.
Limited session duration
We configure limited session durations for ClickUp personnel, ensuring they don’t have unlimited access to customer workspaces. This adds an extra layer of security by minimizing the time a session remains active.
Automatic access revocation
If a ClickUp support member leaves the organization, their access is automatically disabled by the ClickUp IDP. This prevents any possibility of them logging into any workspaces, maintaining the security of customer environments.
Simplified customer management
This approach reduces the complexity for customers, as they don’t need to manage ClickUp support personnel in their own IDP systems. It streamlines the process and reduces administrative overhead.
Customer consent and control
The implementation relies on customer consent, allowing only selected users to bypass SSO. Our system ensures that SSO is required for all other users in the workspace, maintaining a high level of security for everyone else.