Single Sign-On (SSO) Is Now Generally Available—With Enhancements

Now more than ever, organizations must have security controls in place to protect against threats and unauthorized access. That is where single sign-on (SSO) comes in! As you may remember from our previous blog post, SSO centralizes and secures user access to multiple applications. With a single login, users can authenticate to their Twilio SendGrid account through their identity provider (IdP). 

The Twilio SendGrid team is excited to announce that SSO is now generally available (GA) with some new and exciting enhancements that we will dive into below.

Just-in-Time provisioning

The first enhancement is Just-in-Time (JIT) provisioning, an industry standard that automatically creates a Twilio SendGrid user the first time a user accesses Twilio SendGrid through their IdP. When that user attempts to log in through the application tile, the IdP will pass the attributes that Twilio SendGrid requires in the Security Assertion Markup Language (SAML) assertion to create their account.

As soon as new users have Twilio SendGrid assigned in the IdP, they can get started without the administrator as a bottleneck.

JIT provisioning can significantly reduce the workload of an account administrator from the tedious task of manually creating new users in the Twilio SendGrid Console. As soon as new users have Twilio SendGrid assigned in the IdP, they can get started without the administrator as a bottleneck. 

With JIT enabled, new teammates will be created with read-only access permissions. This permission level allows a teammate to view but not change or configure any information in the account. An administrator can modify the teammates’ permissions after the initial creation in account settings.

Multi-subuser support

An SSO user can be authorized to access as many subuser accounts as needed, without requiring parent account permissions.

Another exciting enhancement with our GA release of SSO includes the ability to grant users access to more than one subuser account! An SSO user can be authorized to access as many subuser accounts as needed, without requiring parent account permissions. With this enhancement, organizations can provide SSO to users who need access to multiple subusers for their role while still restricting the scope of the actions.

Integrations with Okta and Azure Active Directory

Finally, we have made improvements to the setup process with 2 of the most widely used IdPs, Okta and Azure Active Directory (AD). Dedicated setup guides are available for Okta and Azure, providing easy-to-follow documentation specific to the IdP. We are also working on prebuilt integrations that simplify the SSO configuration steps. Instead of creating a custom application integration, prebuilt integrations speed adoption and are found directly in the IdP’s application catalog. These will soon be available for Okta through the Okta Integration Network (OIN) and Azure through the Azure AD application gallery.

Get started today

SSO for Twilio SendGrid is available to Marketing Campaigns’ Advanced, Email APIs’ Pro, Premier, and Custom plans. Both new and existing SSO integrations can take advantage of these new enhancements to improve your organization’s account security posture from unauthorized access.

To get started, go to the SSO settings page in your Twilio SendGrid account. For additional information on the setup process, please visit the SSO documentation.


SendGrid Email Deliverability Blog – SendGrid

Source link

Scroll Up