Single Sign-On (SSO)

⚠️ SSO is only available on a per-request basis under a closed beta.

Single sign-on (SSO) is a secure process to log in to Parcel. With SSO, individuals can authenticate and log in to Parcel using their own identity provider (IdP).

Parcel supports integration with any IdP capable of SAML 2.0. Once SSO is enabled for an account, all users in that account MUST use SSO to sign in.

Setting up SSO

The exact steps will vary depending on your IdP, but the general steps are:

1. Create a new app integration with your IdP. Enter Parcel as the name of the integration.
2. When asked, the post-back URL (sometimes called the “Assertion Consumer URL”) for Parcel is https://parcel-prod.firebaseapp.com/__/auth/handler.
3. If asked, the Service Provider Entity ID is urn:parcel:saml. (This can be changed upon request.)
4. Take note of the SSO URL and Entity ID. You will need to provide these to Parcel as part of the SSO setup process. The SSO URL is the URL that Parcel will redirect to when a user attempts to log in. The Entity ID is a unique identifier for your IdP. If an Entity ID is not provided, let us know.
5. Locate and copy the contents of the signing certificate. This will be used by Parcel to verify authentication claims from your IdP.
6. Send an email from the email account associated with your Parcel account to hello@parcel.io containing the SSO URL, Entity ID, and signing certificate.