Standard/Best Practices
Use Cases
Connecting to on-prem systems

Single sign-on

To increase both usability and security for enterprise users, please note that it is possible to set up SAML-based single sign-on (SSO).

Using SSO with your Organization means that your team members won't have to keep track of their login credentials. They will be able to quickly and easily access the Organization's assets and you can be certain that anyone logging into your Organization will be in line with your internal protocols.

There are a number of SSO authentication providers and connectors to choose from (such as OneLogin, Duo, Okta). Exactly how SSO will work will depend on the provider your Organization requirements.

Please contact your account manager if you wish to proceed with using SSO alongside your Organization.

Important notes on SSO

IMPORTANT!: The Tray platform only supports SAML version 2.0.


Please follow the following steps to start the process of configuring an SSO for your organisation:

PLEASE NOTE: Some SSO providers use a staging environment which means the SSO setup will need testing before it goes live. This is naturally use case dependant.


Once SSO is setup and tested it will work in one of two ways:

  • Login will be initiated at "your" end. Users will usually initiate their login at a URL which will look similar to this:<organisation_id>

  • When your users login to your authentication portal, they will then be redirected to a "logged in session".

  • If a user tries to login with a preexisting account, their login will be matched via a UID aka their email address.

  • If this is a new user, then a new account will be created and registered with your SSO provider.

Instructions for individual SSO providers


Below is a summary of setup instructions for Okta users.