Single sign-on (SSO) is an authentication method that allows users to log in to ImageKit with a single unique ID provided through a trusted Identity Provider (IdP).
SSO adds a layer of centralized control to user management. You can manage all the users in your organization and assign their ImageKit role from a central Identity Provider (IdP) platform. ImageKit will use that IdP to register, authenticate and authorize your users.
ImageKit SSO login screen
If you have administrator privileges on your ImageKit account, you can set up SSO for all the users in your account by following these guides for supported Identity Providers:
ImageKit uses SAML-based authentication for "Just In Time" (JIT) provisioning for your users. JIT provisioning means that you do not need to create or update users on the ImageKit User management page manually. This will be done automatically whenever a user that exists on your IdP logs into ImageKit using SSO.
For this, you need to configure SAML provisions on your Identity Provider platform.
Users on your IdP that do not yet have an account on ImageKit must initiate authentication through the SSO application on your IdP portal for the first time.
This process will provide ImageKit with the information needed to register that user on ImageKit and associate them with your organization account.
Upon successful authentication from the IdP, ImageKit will parse the SAML response. If a user with the unique email ID provided in the response does not already exist on ImageKit, a new user having the specified email ID, full name and ImageKit role will be registered under your organization account.
Alternatively, they may use the SSO application on your IdP portal to initiate authentication directly.
Upon successful authentication response from the IdP, ImageKit will check if there have been any changes to the user's information (such as full name and ImageKit role) since their last login on ImageKit. If so, the information will be updated on ImageKit automatically.
When a user is deleted from your IdP, they would be unable to log in to ImageKit using SSO. However, their account would still exist on ImageKit and count towards your subscription plan. To avoid this, you should delete them immediately from the User Management page on ImageKit as well.