Welcome to the official documentation for Scrunch AI's Single Sign-On (SSO) integration. This comprehensive guide covers all aspects of our SSO capabilities, from setup to advanced configurations.
Overview
Scrunch AI's Single Sign-On (SSO) integration enables seamless authentication for enterprise customers from standard corporate identity solutions, such as Okta, Microsoft Entra ID (formerly Azure Active Directory), Ping Identity, and more.
<aside>
Scrunch AI SSO is available exclusively on Enterprise plans and above.
</aside>
Benefits of SSO with Scrunch AI
For Administrators
Centralized Access Control: Manage user access to Scrunch AI directly from your identity provider.
Enhanced Security: Enforce corporate security policies including password complexity, multi-factor authentication, and session controls.
Just-in-Time Provisioning: Automatically create user accounts on first login - no technical provisioning required in advance.
Domain-Based Enforcement: When enterprise SSO is enabled, all users with the enterprise domain are required to log in via SSO.
For End Users
Simplified Login Experience: Single credential access across all enterprise applications.
Seamless Session Management: Automatic login when already authenticated to your identity provider.
Supported SSO Providers
Scrunch AI supports industry-standard authentication protocols and can integrate with any identity provider that adheres to SAML 2.0 or OpenID Connect (OIDC) standards. This includes:
Okta
Microsoft Entra ID (formerly Azure AD)
Google Workspace
Ping Identity
JumpCloud
Any other OIDC or SAML 2.0 compliant provider
Implementation Guide
Prerequisites
Before starting the SSO implementation process, ensure you have:
An active Scrunch AI Enterprise subscription
Admin access to your identity provider (IdP)
Admin access to your Scrunch AI workspace
SAML 2.0 Configuration
Step 1: Request SSO Enablement
Contact your Scrunch AI account representative to initiate SAML SSO setup. They will enable the SSO feature for your workspace and provide you with any necessary Service Provider (SP) configuration details.
Step 2: Configure Your Identity Provider
Set up a new SAML application in your identity provider. The specific steps will vary by provider, but you'll typically need to:
Create a new SAML application in your IdP
Configure the Service Provider settings using the details provided by Scrunch AI
Set up attribute mappings for user information
Step 3: Provide IdP Metadata to Scrunch AI
What we need from you:
IdP SAML metadata file or metadata URL
This metadata file contains all the necessary configuration information including:
IdP Entity ID/Issuer
IdP Single Sign-On URL
IdP Certificate (X.509 format)
Step 4: Test the Integration
Work with your Scrunch AI representative to test the SSO integration before rolling it out to all users.
OpenID Connect (OIDC) Configuration
Step 1: Request SSO Enablement
Contact your Scrunch AI account representative to initiate OIDC SSO setup.
Step 2: Configure Your Identity Provider
Register a new OIDC application in your identity provider.
Step 3: Provide Required Information to Scrunch AI
What we need from you:
Discovery URL - The OIDC discovery endpoint from your IdP
Client ID - The client identifier for your OIDC application
Client Secret - The client secret (treat as sensitive information)
Step 4: Test the Integration
Work with your Scrunch AI representative to test the SSO integration before rolling it out to all users.
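A sanity check for the Discovery URL from Step 3, run against the JSON document your IdP serves at that URL. This is an added example, not Scrunch AI's code; the sample document and hostnames are constructed, check_discovery is a hypothetical helper name, and the required-field list and issuer rule come from the OpenID Connect Discovery specification rather than from this page.

```python
import json

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

# Constructed sample discovery document; all hostnames are placeholders.
SAMPLE_URL = "https://idp.example.com/oauth2/default" + WELL_KNOWN
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/token",
    "jwks_uri": "https://idp.example.com/oauth2/default/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "email", "profile"],
})


def check_discovery(discovery_url, body):
    """Return a list of problems found in an OIDC discovery document."""
    doc = json.loads(body)
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    if discovery_url.endswith(WELL_KNOWN):
        # The issuer must equal the URL the document was fetched from, minus
        # the well-known suffix; a mismatch usually means the URL was copied
        # from a different tenant or authorization server.
        expected = discovery_url[: -len(WELL_KNOWN)]
        issuer = doc.get("issuer")
        if issuer != expected:
            problems.append(f"issuer {issuer!r} does not match {expected!r}")
    else:
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and not str(doc[key]).startswith("https://"):
            problems.append(f"{key} is not HTTPS")
    # This guide names email as the required attribute, so the IdP should
    # advertise the email scope when it lists scopes at all.
    if "scopes_supported" in doc and "email" not in doc["scopes_supported"]:
        problems.append("'email' scope not advertised")
    return problems
```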
Configuration Options
Scrunch AI offers the following SSO configuration options:
| Configuration | Description | Default |
| --- | --- | --- |
| Just-in-Time Provisioning | Automatically create user accounts on first login | On |
| Domain Enforcement | Require all users with enterprise domain to use SSO | On (when SSO enabled) |
| Admin Role Management | Customers can manage access to admin roles through Scrunch interface | Available |
| Brand Access Management | Customers can manage brand access through Scrunch interface | Available |
To modify these settings, contact your Scrunch AI account representative.
<aside>
Important: Scrunch AI does not currently support SCIM provisioning. User provisioning is handled through just-in-time provisioning on first login.
</aside>
Troubleshooting
Common Issues and Resolutions
Users receive "Authentication Failed" errors
This typically indicates a configuration issue. Ensure that:
The IdP metadata is correctly configured in Scrunch AI
User accounts are properly assigned to the Scrunch AI application in your IdP
Required attributes (email) are being sent by your IdP
SSO login page is not loading
This could be due to:
Network connectivity issues between the user and the IdP
Incorrectly configured IdP endpoints
Browser cookie or cache issues
Users with enterprise domain can still sign in with passwords
Check that:
SSO is properly enabled for your domain
The user's email domain matches the configured enterprise domain
The SSO configuration is active
Diagnostic Information
When troubleshooting SSO issues, please gather:
User's email address and domain
Identity provider name and version
Any error messages displayed to the user
Screenshots of the issue (with sensitive information redacted)
FAQs
What happens to existing user accounts when SSO is enabled?
When SSO is enabled for an enterprise domain, all users with that domain will be required to authenticate via SSO. Existing accounts will be linked to SSO identities through email matching during just-in-time provisioning.
Can we have multiple SSO providers for one Scrunch AI workspace?
Contact your Scrunch AI account representative to discuss multi-provider configurations for your specific use case.
How do we handle contractors or external users who don't have accounts in our identity provider?
If desired, users outside your enterprise domain can continue to use standard authentication methods. Only users with the configured enterprise domain are required to use SSO.
What user information does Scrunch AI receive from the IdP?
Scrunch AI primarily requires the user's email address for account creation and linking. Additional profile information may be used when provided by the IdP.
Support
For assistance with SSO configuration or troubleshooting, please contact Scrunch AI Enterprise Support:
Email: support@scrunchai.com
Support Portal: https://intercom.help/scrunchai/en
Please provide the following information when requesting SSO support:
Your workspace name/ID
Identity provider name and version
Detailed description of the issue, including any error messages
Screenshots of configuration settings (with sensitive information redacted)
© 2025 Scrunch AI, Inc. All rights reserved. Last updated: September 4, 2025