Single sign-on (SSO)

Single Sign-On (SSO) allows your team to sign in through an Identity Provider (IdP) using one set of credentials and access multiple applications, such as Stripe. Enabling SSO for your team increases security and makes it easier for them to sign in to Stripe. Stripe specifically supports Security Assertion Markup Language (SAML) 2.0, so your IdP can manage the creation of user accounts (team members) as well as authentication and authorisation during sign-in. Any identity provider that supports SAML 2.0 works with Stripe.

Setup SSO with an Identity Provider

Additional resources

Supported features

Stripe supports the following SSO features:

• SSO configuration options: Configure Stripe accounts to either mandate SSO for all users or allow sign-in using SSO or email and password.
• Just-In-Time account creation: Automatically create new Stripe accounts for users without existing access upon their first SSO sign-in.
• Granular Dashboard roles: Assign granular user roles through your IdP.
• IdP-initiated SSO: Authenticate directly from an IdP’s website or browser extension.
• Service Provider-initiated SSO: Initiate SSO login directly from Stripe’s login page.

Limitations

Stripe doesn’t support the following SSO features:

• User Deletion in SAML: Due to the limitations of SAML, Stripe doesn’t get notified if user access is revoked in IdP. If users try to log in again through SSO after their current session expires, Stripe revokes their access. If you need to remove access instantly, you can delete the users in your Team settings.
• System for Cross-domain Identity Management (SCIM): SCIM is a protocol that an IdP can use to synchronise user identity lifecycle processes (for example, provisioning and deprovisioning access, and populating user details) with the service provider, such as Stripe.