Single Sign-On for Admins

  • Enterprise

Setting up SSO

Only a team admin can configure SSO for a Postman Team.

  1. Log in to Postman, and start on the Postman Edit Team Details page. If the team is subscribed to an enterprise plan, the option to configure SSO will be displayed. 

edit team details

2. Select an authentication provider, or Identity Provider (IdP), from the dropdown.

authentication provider

3. Provide the necessary details to create an authentication.

add authentication

4. The Identity Provider (IdP) details can be collected from here.

identity provider

5. After configuring SSO on your IdP, you can enter IdP metadata manually or upload the metadata file in XML format which is generated by the IdP. 

identity provider metadata

6. When the setup is done, admins can manually enable or disable the authentication from this page.

enable or disable

enable confirmation

Postman does not email team members when SSO is set up, changed, or disabled. It is the responsibility of the admins to notify team members and convey the login URL to them so they can access Postman via SSO.

Managing user accounts

Creating end user account

To add an end user, create an account for the user in the Identity Provider (IdP). The first time a new user logs in to Postman via the IdP, a Postman account will be created only if the team has slots available and the Allow Signups box is checked while configuring the SSO. The user will be automatically associated to the team with a member role and will have access to team resources.

Existing user account

If a Postman user logs in to Postman via IdP, then the user will be associated to the team provided that:

  • A team invitation exists for the user.
  • The team has available slots and the Allow Signups box was checked while the admin configured the SSO.
Removing IdP access

Removing an end user from the IdP will prevent the user from being able to log in to the corresponding Postman account, but will not remove the account from Postman. To prevent access to team resources, we recommend removing the end user’s account from the Postman Team associated with the IdP.