Single Sign-On

You can use Single Sign-On (SSO) to access Mixpanel. You must be on a Mixpanel enterprise account and use an identity provider or a custom SAML implementation in order to use SSO with Mixpanel. 

This is a new version of SSO and is in BETA.
Email sso-support@mixpanel.com for more information.

Access SSO Settings

To access SSO settings in Mixpanel, navigate to your Organization Settings located under your name in the top navigation.

Screen_Shot_2019-11-19_at_1.23.08_PM.png

Claim a Domain 

Claiming a domain will add security to an SSO implementation by only allowing members with a claimed domain in their email address to access Mixpanel. SSO only works on domains that are claimed. 

To claim a domain, add a TXT record to your domain’s DNS records with a verification key provided by Mixpanel. The verification key is available after you claim a domain from your Organization Settings.

Generate Verification Key by Claiming Domain

To claim a domain, click Access Security in your Organization Settings.

Screen_Shot_2019-11-14_at_4.05.51_PM.png

Click Domain Claiming in the Access Security menu.

Screen_Shot_2019-11-14_at_4.08.41_PM.png

Click Add Domain found in Domain Claiming menu. You will be prompted to enter your Mixpanel password.

Screen_Shot_2019-11-14_at_4.14.11_PM.png

Enter the domain you wish to claim in the pop-up modal. Click Submit Claim.

domain_claim.png

Check Verification Status

It may take up to 24 hours for Mixpanel to verify ownership after you claim a domain. 

The claimed domain appears in the Domain Claiming menu. It will list as pending until it is successfully verified.

DC_notverified.png

It will be indicated as verified after Mixpanel verifies the domain.

Add Verification Token to your DNS

The verification token is available in the Domain Claiming menu after you claim a domain. Use the token as part of the TXT record that you add to your domain’s DNS record.

Add mixpanel-domain-verify=<your-token> as the TXT record.

Set up your IDP

You must configure your Identity Provider (IDP) to connect to Mixpanel in order to use SSO if you are not using custom built SSO. This requires that you directly configure your SSO settings.

Okta

Setting up SSO with Okta requires that you configure a custom app in Okta. Follow these instructions to configure a custom application.

One Login

One Login only requires that you get the postback URL. 

Other IDPs

It is possible to set up Mixpanel with IDPs not listed above. Email sso-support@mixpanel.com to get the required information to set up SSO with an IDP not listed.

Postback URL

You likely will need to provide your IDP with a postback URL. The postback URL is accessible from the Access Security tab. To obtain your postback URL, navigate to Access Security in your Organization Settings.

postback.png

Just in Time Provisioning 

Just in Time (JIT) provisioning using SAML will let users sign in automatically upon the initial login event. This removes the need for organization admin to invite individual users to an Organization.

You must complete the steps above to enable JIT provisioning. 

To turn on JIT provisioning, go to Access Security, and click on the “Allow JIT Provisioning” toggle. The toggle will be green if it is enabled.

JIT.png

Is this article helpful?

Comments

0 comments

Please sign in to leave a comment.