Setting Up Single Sign-On (SSO)

Who is this for? Available to venue admins and IT admins. Setup typically requires coordination with the Theator team.

What Is Single Sign-On (SSO)?

Single Sign-On allows your organization to authenticate Theator users through your existing identity provider, such as Okta, Azure Active Directory, or any SAML-compatible provider. With SSO enabled, users can log in to Theator using their organizational credentials without needing a separate password.

Benefits of SSO

• Simplified access -- Users sign in once with their corporate credentials and gain access to Theator without managing a separate account.
• Enhanced security -- Authentication is managed by your organization's identity provider, leveraging your existing security policies, multi-factor authentication, and password requirements.
• Centralized user management -- IT teams can manage Theator access through your existing identity provider, making onboarding and offboarding more efficient.
• Compliance -- SSO helps meet organizational and regulatory requirements for access management.

Who Can Configure SSO?

SSO configuration is available to venue admins and IT admins. You can access the SSO settings page by navigating to System > Implementation > SSO (https://app.theator.io/system/implementation/sso).

What You Need to Set Up SSO

Before configuring SSO, prepare the following:

1. Identity provider details -- The name of your identity provider (e.g., Okta, Azure AD, Ping Identity).
2. SAML metadata or configuration URL -- Your identity provider's metadata URL or XML file.
3. Entity ID -- The unique identifier for your identity provider.
4. SSO login URL -- The URL where users are redirected to authenticate.
5. Certificate -- The X.509 certificate from your identity provider for verifying authentication responses.

Configuring SSO

1. Navigate to System > Implementation > SSO (https://app.theator.io/system/implementation/sso).
2. Select your identity provider type from the available options.
3. Enter the required configuration details (metadata URL, entity ID, login URL, and certificate).
4. Save the configuration.
5. Test the SSO connection by clicking the Test button to verify that authentication works correctly.

Verifying SSO Is Working

After configuration:

1. Open a new browser window or incognito session.
2. Navigate to the Theator login page.
3. Select the Sign in with SSO option.
4. You should be redirected to your organization's login page.
5. After authenticating, you should be returned to Theator and logged in successfully.

Important Notes

• SSO setup typically requires coordination between your IT team and the Theator team. Contact your Theator representative to initiate the process.
• Existing users who previously signed in with email and password will be migrated to SSO once it is enabled.
• If SSO is temporarily unavailable, contact Theator support for alternative access options.

Related Articles

• Theator Permissions Overview — Understand roles and access levels
• Managing Your Organization — Manage venues, sites, and departments