Skip to main content

Setting up SSO in Shapes

Written by Efrat Barak Zadok

How to connect:

  1. Click on the 3 dots in the right hand corner, then click on Account settings:

2. Click into the Security tab and select SSO:

(Make sure to mark the checkbox by Google SSO or Microsoft SSO)

Multi-SSO Support

Shapes accounts support connections to multiple SSO domains. Organizations utilizing more than one identity provider or managing multiple domains can streamline their authentication process.

  • Google SSO

  • Microsoft SSO

Both Google and Microsoft SSO connections can be active simultaneously. To configure, go to Account Settings → Security → SSO and add your SSO domains.


Overview

Shapes uses OpenID Connect (OIDC) for authentication. We only request the minimum set of standard scopes required to identify a user:

  • Name

  • Email address

We do not request access to any sensitive or extended data such as:

  • Emails or mailboxes

  • Calendars

  • Files or drives

  • Directory data beyond basic profile


Required Scopes by Provider

Microsoft Entra ID (Azure AD)

Scopes required:

  • openid

  • profile

Details:

Important:

  • No Microsoft Graph permissions are requested

  • No admin consent is required for additional data access


Google Workspace

Scopes required:

  • openid

  • profile

  • email

Details:

  • Uses OAuth 2.0 Authorization Code flow

  • Shapes verifies the id_token and reads:

    • Email address

    • First name (given_name)

    • Last name (family_name)

Did this answer your question?