Single Sign-On lets your team members log in to Lingo using your organization's existing identity provider—like Okta, Azure AD, or Google Workspace. This simplifies access management and strengthens security by centralizing authentication.
Only the Owner or Admin can set up SSO for your Space.
SSO is available on the Enterprise plan.
Benefits of SSO
One less password — Team members use their existing corporate credentials
Centralized control — Manage access through your identity provider
Automatic deprovisioning — When someone leaves your organization, they lose Lingo access immediately
Security policies — Apply your organization's password and MFA requirements
Requirements
SSO is available on Enterprise plans. You'll need:
An Enterprise subscription to Lingo
Admin access to your identity provider (Okta, Azure AD, Google, or another SAML 2.0 provider)
Getting started
Setting up SSO requires coordination with Lingo support. Here's the process:
Contact Lingo support via the in-app messenger to initiate setup
Receive your ACS URL from your Lingo support specialist
Configure your identity provider using the SAML parameters below
Provide your metadata URL — share the XML metadata URL generated by your identity provider with Lingo support
Test the connection with a test user before rolling out to your team
SAML configuration
When configuring your identity provider, you'll need these parameters:
ACS (Assertion Consumer Service) URL: This will be provided by your Lingo support specialist
SP (Service Provider) Entity ID:
https://lingoapp.comAttribute statements: Please configure these as shown in the table below.
Name | Value |
FirstName |
|
LastName |
|
|
Important: Attribute statements are case-sensitive. Missing or incorrectly named attributes will cause the integration to fail.
Azure AD users: Remove the "Namespace" field when configuring attributes to avoid conflicts.
SCIM provisioning
If your identity provider supports SCIM, you can automate user provisioning. You'll need the following information to get started:
API Base URL:
https://api.lingoapp.com/v4/scim/v2/OAuth Bearer Token: This token will be provided to you by your Lingo support specialist. If you did not receive a token, please contact Lingo support and one will be provided to you.
SCIM features: Lingo's SCIM API supports the following features:
User creation
Attribute updates
User deactivation
Bulk user imports
Frequently asked questions
What identity providers does Lingo support?
Any identity provider that supports SAML 2.0 should work with Lingo, including Okta, Azure AD, Google Workspace, OneLogin, and Ping Identity. If you use Okta, we have a detailed setup guide. For other providers, contact our support team if you need assistance.
How does Lingo handle user provisioning?
Lingo uses Just-in-Time (JIT) provisioning. When someone signs in via SSO for the first time, a Lingo account is automatically created for them. If they already have a Lingo account, they'll be prompted to link it to your organization.
For automatic deprovisioning, you can use our SCIM API. If your identity provider doesn't support SCIM, you'll need to deactivate users manually from the Users screen.
Can I still log in if my identity provider is unavailable?
Yes. You can always log in using your email address and password. If you don't know your password, request a password reset.
Can we use SSO with the Lingo macOS app?
Yes. You can log into the macOS app using any login method supported on the web version of Lingo, including SSO.
Does Lingo support Single Logout?
Not at this time. Logging out of your identity provider won't automatically log you out of Lingo. If Single Logout is important to you, contact our support team to let us know.
Can we use multiple identity providers?
No. You can only have one identity provider configured per Space. If this feature is important to you, contact our support team to let us know.
What version of SAML does Lingo support?
Lingo supports SAML v2.0.