Enterprise accounts can configure Single Sign-On (SSO) using SAML 2.0 or OIDC, allowing team members to log in with their existing corporate identity provider (IdP).
Supported identity providers
- Okta
- Google Workspace (formerly G Suite)
- Microsoft Azure Active Directory / Entra ID
- OneLogin
- Ping Identity
- Any SAML 2.0 or OIDC-compatible IdP
Configuring SAML SSO
- 1Go to Settings → Security → SSO.
- 2Select SAML 2.0.
- 3Copy the LinkStacked ACS URL and Entity ID.
- 4In your IdP, create a new SAML application using those values.
- 5Copy your IdP's SSO URL, Entity ID, and X.509 certificate.
- 6Paste them into the LinkStacked SSO settings and click "Save".
- 7Test the connection using the "Test SSO" button before enforcing it.
Enforcing SSO
Once SSO is configured and tested, you can enforce it: all team members must log in via your IdP. Email/password login is disabled for your domain.
Enforce SSO only after testing it thoroughly and ensuring all team members have access via the IdP. Locking yourself out requires contacting support.
OIDC configuration
For OIDC, go to Settings → Security → SSO → OIDC. You'll need your IdP's Discovery URL, Client ID, and Client Secret. LinkStacked uses the authorization_code flow with PKCE.
Was this article helpful?