Legacy: How Clearbit's SSO SAML authentication works
🔍 Please note: this article is for customers on Standard Bundle, Enrichment, or Clearbit Platform plans.
Clearbit supports Single-Sign On (SSO) through SAML 2.0 authentication. This increases security, simplifies the login process, and reduces the risk of lost or forgotten login information. Review the articles below for instructions on how to set up SAML authentication with your identity provider.
SAML setup instructions by identity provider
Don't see your provider? The SAML 2.0 integration is designed to be vendor agnostic, meaning it's compatible with any identity provider (IdP) that supports a standard SAML configuration. If you don’t see your identity provider in the list above, use the general setup instructions or reach out to Clearbit Support to assess whether or not the SAML 2.0 integration is compatible.
How SAML authentication works
Logging into Clearbit applications
Once SAML authentication is turned on, users can log into Clearbit in two ways:
- The SAML application: users will be directed to Clearbit and automatically signed into our applications.
- The Clearbit login flow: users who attempt to use the standard login flow will be redirected to your SSO URL. If they aren'tare not currently logged into your IdP, they will be prompted to do so before being authenticated and logged in.
Enforcing SAML authentication
When SAML authentication is turned on, it's enforced for all applicable users. Clearbit enforces SAML at the user-level based on the email domain provided during configuration. All users with the email domain that matches the pattern provided will be required to log in via your SAML application to access any and all Clearbit applications.
Users that don't share the designated email domain will not be asked to authenticate through your SAML application. Instead, they can log in using their standard username and password.
To increase security for users outside your organization, you can also enable multi-factor authentication (MFA).
Just-in-time (JIT) provisioning
The SAML integration provides just-in-time (JIT) provisioning by default.
Just in Time (JIT) Provisioning is a SAML protocol-based method used to create users the first time they log in to an application via an identity provider. This eliminates the need to provision users within Clearbit manually.
After adding a new user to your custom SAML application, Clearbit will automatically create that user in your account when they first attempt to log in.
Offboarding users
To edit permission sets or remove user access, you'll need admin permissions:
- In your Clearbit acccount, navigate to Manage Team > Users.
- In the right panel, click Remove User.
Articles in this section
- How Does the Clearbit Community Data Opt Out Work?
- Delete your Clearbit account
- Legacy: Set up multi-factor authentication (MFA)
- Legacy: How Clearbit's SSO SAML authentication works
- Legacy: Set up SAML authentication with Okta
- Legacy: Set up SAML authentication with Azure
- Legacy: Set up SAML authentication with JumpCloud
- Legacy: Set up SAML authentication with Google SSO
- Legacy: Custom SAML authentication setup