Single sign-on (SSO)

Single Sign-On (SSO) allows your team to sign in through an Identity Provider (IdP) using one set of credentials and access multiple applications, such as Stripe. Enabling SSO for your team increases security and makes it easier for them to sign in to Stripe. Stripe specifically supports Security Assertion Markup Language (SAML) 2.0, so your IdP can manage the creation of user accounts (team members) as well as authentication and authorization during sign-in. Any identity provider that supports SAML 2.0 works with Stripe.

Setup SSO with an Identity Provider

Additional resources

Supported features

Stripe supports the following SSO features:

• SSO configuration options: Configure Stripe accounts to either mandate SSO for all users or allow sign-in using SSO or email and password.
• Just-In-Time account creation: Automatically create new Stripe accounts for users without existing access upon their first SSO sign-in.
• Granular Dashboard roles: Assign granular user roles through your IdP.
• IdP-initiated SSO: Authenticate directly from an IdP’s website or browser extension.
• Service Provider-initiated SSO: Initiate SSO login directly from Stripe’s login page.
• System for Cross-domain Identity Management (SCIM): SCIM is a protocol that an IdP can use to synchronize user identity lifecycle processes (for example, provisioning and deprovisioning access, and populating user details) with the service provider, such as Stripe.

Limitations

Stripe doesn’t support the following SSO features:

• User Deletion in SAML: When users aren’t managed through SCIM, Stripe doesn’t receive immediate notifications if user access is revoked in IdP. If users attempt to log in through SSO after their session expires, Stripe revokes their access. To remove access immediately, you can delete users from your Team settings or enable SCIM user provisioning.