The purpose of this article is to provide information to Outreach users regarding single sign-on.
Q: Will enabling SSO for Outreach cause any problems for those that have already logged in via email/password?
A: Enabling SSO while some users are currently logged in shouldn't invalidate their sessions immediately. Currently logged in users will simply need to log back in as soon as their current session times out, and the new login will be via their SSO provider. There should be no disruption, assuming users are already familiar with logging in with SSO.
Q: Does Outreach support provisioning a license through our SSO provider if we run out of licenses? For example, when a new sales rep joins the team and they log in to our SSO provider for the first time, what happens if we are out of Outreach licenses?
A: You won't be able to add licenses via SSO. If you have the additional licenses already, you can auto-provision seats through your SSO provider, but we'll need your explicit permission to add additional seats to your subscription overall.
Q: If our SSO provider went down, can we sign into Outreach without using SSO (ie via the Outreach website)?
A: Once SSO is enabled, it becomes the only way to access your org's Outreach seats. In the unlikely event that your SSO provider goes down, you would need to contact your CSM or the Outreach support team to have them disable SSO for your org, at which point all users who need to log in would need to create a new password and use that to log in.
Q: Can I set up SSO with Multiple Orgs?
A: If your company has multiple Outreach orgs, there may be some additional considerations when setting up SSO.
If your Outreach orgs have no users in common, Admins will need to create an application for each org in your SSO provider's interface and your users will be assigned to one or the other. Each users should only see the org they are assigned to and no additional set up should be required.
If your Outreach orgs have common users, Admins will need to use a custom email address for the second organization so that the two addresses are not identical. For example, if the email address you use for the first Outreach instance is email@example.com, your address for the second instance could be firstname.lastname@example.org. You'll also need to set up the second instance of Outreach to use a NameID instead of email. For more information regarding configuring NameID, refer to the Advanced Settings for Identity Provider (SSO) article.