How does single sign-on (SSO) work in Operating?

Single sign-on (SSO) lets your team log in to Operating with your identity provider. This explains how to turn it on and how Operating creates and matches Users when people first sign in.

Written By Matti Parviainen

Last updated 3 days ago

SSO basics

In order to get SSO activated for your Operating organization, reach out to support@operating.app and we’ll get it done. See SSO: Entra ID & SSO: Google Workspace articles for specific instructions.

Creating users in Operating

Operating Users are created when the user accesses Operating for the first time. Before your colleagues have logged in using SSO for the first time, you won’t see them in the Settings → Users list.

Upon first login, they will:

Known issues / FAQ

Question

Answer

What happens to users that we created before we turned SSO on?

They will remain duplicates, and will be able to access Operating using the email+password authentication unless specified otherwise. Let us know if you’d like to get rid of them.

What happens when a SSO user changes their email address?

Not a problem, we identify them based on the SSO ID. If you’d like us to edit their user’s email address in Operating, email us.

Do you support SCIM?

Not yet.

Is it possible to assign groups, sites, and other metadata to the Person related to a new SSO User?

Yes, the Person API is your friend.

Related articles

- What’s the difference between a User and a Person in Operating? — how SSO Users get matched to People

- Permission sets in Operating — the default permission set a new SSO User receives

- Give team members access to Operating — managing access

- How to add a new Person — adding People (separate from User login)

- SSO: Entra ID; SSO: Google Workspace — provider-specific setup