
Single Sign-On (SSO)

Understanding Pitchly’s Single Sign-On (SSO)

Single Sign-On (SSO) offers the ability for an external service to authenticate an organization's users. Single Sign-On is not available by default in Pitchly's plans. It is negotiated and configured on a plan-by-plan basis.

Single Sign-On Process

  1. The user visits Pitchly’s sign-on page and provides their email address.

  2. SSO is detected for the user, and they are redirected to their organization's login page.

  3. Login credentials (email/username and password) are authenticated against their organization's identity provider/authentication service.

  4. The SSO service passes back a signal to Pitchly that a successful sign-on/authentication has occurred.

  5. The user is automatically logged into the Pitchly application.


Troubleshooting

If a user encounters problems with the SSO authentication process, there are a few things to keep in mind to help troubleshoot.

  1. Email addresses must be an identical match. Pitchly maintains a single email address for each user and that email address must match at all points in the SSO process outlined above.

     Example: User whose email is pitchlyuser@yourcompany.com

  2. The email domain must be listed in Pitchly. In addition to a single email address for each Pitchly user, a list of email domains eligible for SSO is also stored within your company's Pitchly settings. (In the example above, the email domain is: yourcompany.com) The SSO email domain list is created and maintained by Pitchly tech support and is intended as an added layer of security. Any new or changed email domains within your organization must be communicated to us to prevent SSO errors.

Note: Microsoft's cloud-based offerings sometimes put their own branding in the email domain, e.g. yourcompany.onmicrosoft.com. While either domain at the end of an email address may authenticate within your SSO system, it will not ultimately match the final Step 3 above, where Pitchly is expecting pitchlyuser@yourcompany.com.

In this scenario, the full email address itself and the email domain with "onmicrosoft" in it would fail to authenticate with Pitchly (Step 3).
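The two checks above can be run ahead of an SSO rollout against an export of the addresses your identity provider will send. The script below is an added example, not Pitchly's code: the function names, the result labels and the sample data are constructed for illustration, and it assumes "identical match" means an exact string comparison.

```python
# Added example with constructed data; not Pitchly's code.
# Assumption: "identical match" is a plain, exact string comparison.

PITCHLY_EMAILS = {"pitchlyuser@yourcompany.com"}   # one address per Pitchly user
SSO_DOMAINS = {"yourcompany.com"}                  # domain list kept by Pitchly support
IDP_EMAILS = [                                     # what the identity provider would send
    "pitchlyuser@yourcompany.com",
    "pitchlyuser@yourcompany.onmicrosoft.com",
    "PitchlyUser@yourcompany.com",
    "someone@othercorp.com",
]

def split_email(email):
    """Split on the last '@' into (local part, domain)."""
    local, _, domain = email.rpartition("@")
    return local, domain

def diagnose(idp_email, pitchly_emails=PITCHLY_EMAILS, sso_domains=SSO_DOMAINS):
    """Return the reasons this IdP address would fail the two checks (empty list = OK)."""
    problems = []
    local, domain = split_email(idp_email)
    if domain not in sso_domains:
        if domain.lower().endswith(".onmicrosoft.com"):
            problems.append("onmicrosoft-domain")
        else:
            problems.append("domain-not-listed")
    if idp_email not in pitchly_emails:
        folded = idp_email.strip().lower()
        if any(e.strip().lower() == folded for e in pitchly_emails):
            problems.append("case-or-whitespace-mismatch")
        elif any(split_email(e)[0].lower() == local.lower() for e in pitchly_emails):
            problems.append("same-user-different-domain")
        else:
            problems.append("email-not-found")
    return problems

def report(idp_emails=IDP_EMAILS):
    """Map each IdP address to its list of problems."""
    return {email: diagnose(email) for email in idp_emails}

if __name__ == "__main__":
    for email, problems in report().items():
        print(f"{email}: {', '.join(problems) or 'ok'}")
```

Any address that comes back with a problem label should be corrected in the identity provider or reported to Pitchly support before the user attempts to sign in.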

We are capable of supporting a wide array of connections including Microsoft Azure Active Directory, SAML, and Active Directory/LDAP. But as always, we're flexible—if your organization prefers to provide access by invite only, Pitchly can accommodate.

Account Admins have the option of setting default account permissions for all new users. Our recommended best practice is to set the default permission to read-only.

To activate SSO on your Pitchly account, reach out to your Account Executive or email us at PitchlySupport@pitchly.com.
