You can use Single Sign-On (SSO) to access Mixpanel. You must be on a Mixpanel enterprise account and use an identity provider or a custom SAML implementation in order to use SSO with Mixpanel.
For additional assistance, email firstname.lastname@example.org.
Access SSO Settings
To access SSO settings in Mixpanel, navigate to your Organization Settings located under your name in the top navigation.
Require Users to Log In Using SSO
Optionally toggle “Require Users to Log In using SSO” to prevent your users from using a username and password to log in. Click Enable. Organization owners and admins will still be able to log in using username and password if SSO is not set up correctly.
Claim a Domain
Claiming a domain will add security to an SSO implementation by only allowing members with a claimed domain in their email address to access Mixpanel. SSO only works on domains that are claimed.
To claim a domain, add a TXT record to your domain’s DNS records with a verification key provided by Mixpanel. The verification key is available after you claim a domain from your Organization Settings.
Generate Verification Key by Claiming Domain
To claim a domain, click Access Security in your Organization Settings.
Click Domain Claiming in the Access Security menu.
Click Add Domain found in Domain Claiming menu. You will be prompted to enter your Mixpanel password.
Enter the domain you wish to claim in the pop-up modal. Click Submit Claim.
Check Verification Status
It may take up to 24 hours for Mixpanel to verify ownership after you claim a domain.
The claimed domain appears in the Domain Claiming menu. It will list as pending until it is successfully verified.
It will be indicated as verified after Mixpanel verifies the domain.
Add Verification Token to your DNS
The verification token is available in the Domain Claiming menu after you claim a domain. Use the token as part of the TXT record that you add to your domain’s DNS record.
Add mixpanel-domain-verify=<your-token> as the TXT record.
Note that you will need to leave the token in your DNS records permanently or the domain will unverify after a week. Only remove the token for domains you no longer wish to use SSO with.
Set Up Your IDP
You must configure your Identity Provider (IDP) to connect to Mixpanel in order to use SSO if you are not using custom built SSO. This requires that you directly configure your SSO settings.
Setting up SSO with Okta requires that you configure a custom app in Okta. Follow these instructions to configure a custom application.
One Login only requires that you get the postback URL.
It is possible to set up Mixpanel with IDPs not listed above. Email email@example.com to get the required information to set up SSO with an IDP not listed.
You likely will need to provide your IDP with a postback URL. The postback URL is accessible from the Access Security tab. To obtain your postback URL, navigate to Access Security in your Organization Settings.
Just in Time Provisioning
Just in Time (JIT) provisioning using SAML will let users sign in automatically upon the initial login event. This removes the need for organization admin to invite individual users to an Organization.
You must complete the steps above to enable JIT provisioning.
To turn on JIT provisioning, go to Access Security, and click on the “Allow JIT Provisioning” toggle. The toggle will be green if it is enabled.