Skip to main content

Scrunch AI Single Sign-On (SSO) Integration

Step-by-step implementation and troubleshooting guide for implementing Single Sign-On (SSO) with your Scrunch AI account

Updated over a month ago

Welcome to the official documentation for Scrunch AI's Single Sign-On (SSO) integration. This comprehensive guide covers all aspects of our SSO capabilities, from setup to advanced configurations.

Overview

Scrunch AI's Single Sign-On (SSO) integration enables seamless authentication for enterprise customers from standard corporate identity solutions, such as Okta, Microsoft Entra (previously Active Directory), Ping Identity, and more.

<aside>

Scrunch AI SSO is available exclusively on Enterprise plans and above.

</aside>

Benefits of SSO with Scrunch AI

For Administrators

  • Centralized Access Control: Manage user access to Scrunch AI directly from your identity provider.

  • Enhanced Security: Enforce corporate security policies including password complexity, multi-factor authentication, and session controls.

  • Just-in-Time Provisioning: Automatically create user accounts on first login - no technical provisioning required in advance.

  • Domain-Based Enforcement: When enterprise SSO is enabled, all users with the enterprise domain are required to log in via SSO.

For End Users

  • Simplified Login Experience: Single credential access across all enterprise applications.

  • Seamless Session Management: Automatic login when already authenticated to your identity provider.

Supported SSO Providers

Scrunch AI supports industry-standard authentication protocols and can integrate with any identity provider that adheres to SAML 2.0 or OpenID Connect (OIDC) standards. This includes:

  • Okta

  • Microsoft Entra ID (formerly Azure AD)

  • Google Workspace

  • PingIdentity

  • JumpCloud

  • Any other OIDC or SAML 2.0 compliant provider

Implementation Guide

Prerequisites

Before starting the SSO implementation process, ensure you have:

  • An active Scrunch AI Enterprise subscription

  • Admin access to your identity provider (IdP)

  • Admin access to your Scrunch AI workspace

SAML 2.0 Configuration

Step 1: Request SSO Enablement

Contact your Scrunch AI account representative to initiate SAML SSO setup. They will enable the SSO feature for your workspace and provide you with any necessary Service Provider (SP) configuration details.

Step 2: Configure Your Identity Provider

Set up a new SAML application in your identity provider. The specific steps will vary by provider, but you'll typically need to:

  1. Create a new SAML application in your IdP

  2. Configure the Service Provider settings using the details provided by Scrunch AI

  3. Set up attribute mappings for user information

Step 3: Provide IdP Metadata to Scrunch AI

What we need from you:

  • IdP SAML metadata file or metadata URL

This metadata file contains all the necessary configuration information including:

  • IdP Entity ID/Issuer

  • IdP Single Sign-On URL

  • IdP Certificate (X.509 format)

Step 4: Test the Integration

Work with your Scrunch AI representative to test the SSO integration before rolling it out to all users.

OpenID Connect (OIDC) Configuration

Step 1: Request SSO Enablement

Contact your Scrunch AI account representative to initiate OIDC SSO setup.

Step 2: Configure Your Identity Provider

Register a new OIDC application in your identity provider.

Step 3: Provide Required Information to Scrunch AI

What we need from you:

  • Discovery URL - The OIDC discovery endpoint from your IdP

  • Client ID - The client identifier for your OIDC application

  • Client Secret - The client secret (treat as sensitive information)

Step 4: Test the Integration

Work with your Scrunch AI representative to test the SSO integration before rolling it out to all users.

Configuration Options

Scrunch AI offers the following SSO configuration options:

Configuration

Description

Default

Just-in-Time Provisioning

Automatically create user accounts on first login

On

Domain Enforcement

Require all users with enterprise domain to use SSO

On (when SSO enabled)

Admin Role Management

Customers can manage access to admin roles through Scrunch interface

Available

Brand Access Management

Customers can manage brand access through Scrunch interface

Available

To modify these settings, contact your Scrunch AI account representative.

<aside>

Important: Scrunch AI does not currently support SCIM provisioning. User provisioning is handled through just-in-time provisioning on first login.

</aside>

Troubleshooting

Common Issues and Resolutions

  • Users receive "Authentication Failed" errors

    This typically indicates a configuration issue. Ensure that:

    • The IdP metadata is correctly configured in Scrunch AI

    • User accounts are properly assigned to the Scrunch AI application in your IdP

    • Required attributes (email) are being sent by your IdP

  • SSO login page is not loading

    This could be due to:

    • Network connectivity issues between the user and the IdP

    • Incorrectly configured IdP endpoints

    • Browser cookie or cache issues

  • Users with enterprise domain can still sign in with passwords

    Check that:

    • SSO is properly enabled for your domain

    • The user's email domain matches the configured enterprise domain

    • The SSO configuration is active

Diagnostic Information

When troubleshooting SSO issues, please gather:

  • User's email address and domain

  • Identity provider name and version

  • Any error messages displayed to the user

  • Screenshots of the issue (with sensitive information redacted)

FAQs

  • What happens to existing user accounts when SSO is enabled?

    When SSO is enabled for an enterprise domain, all users with that domain will be required to authenticate via SSO. Existing accounts will be linked to SSO identities through email matching during just-in-time provisioning.

  • Can we have multiple SSO providers for one Scrunch AI workspace?

    Contact your Scrunch AI account representative to discuss multi-provider configurations for your specific use case.

  • How do we handle contractors or external users who don't have accounts in our identity provider?

    If desired, users outside your enterprise domain can continue to use standard authentication methods. Only users with the configured enterprise domain are required to use SSO.

  • What user information does Scrunch AI receive from the IdP?

    Scrunch AI primarily requires the user's email address for account creation and linking. Additional profile information may be used when provided by the IdP.

Support

For assistance with SSO configuration or troubleshooting, please contact Scrunch AI Enterprise Support:

Please provide the following information when requesting SSO support:

  • Your workspace name/ID

  • Identity provider name and version

  • Detailed description of the issue, including any error messages

  • Screenshots of configuration settings (with sensitive information redacted)


© 2025 Scrunch AI, Inc. All rights reserved. Last updated: September 4, 2025

Did this answer your question?