SSO (Single sign-on) allows members of an organization to use a single ID and password to gain access to their Beautiful.ai account using the Identity Provider (IdP or SP).
How does SSO work?
With Single sign-on, when you try to log in the account is required to be authenticated before access is granted.
Strict SSO
When an organization has its SSO set as Strict, then, its members are only allowed to log in using the Identity Provider, (IdP or SP). They’re not allowed to log in using email/password or Google.
Upon login, it will show “Login with Single Sign On” button only.
Non Strict SSO
If SOO is set as Non Strict, users within the organization can use both, SSO and login/password/google.
Both of the conventional “login” and “Google” buttons will be shown on the B.AI log in page.
Enabling SSO
To enable SSO in Beautiful.ai, click on Profile and from the Advanced tab, select Enable SSO.
Verify your domain and follow the steps below for IdP or SP initiated flows
To complete the SAML SSO setup, the owner may enter the IDP Metadata URL to fill the SAML SSO Endpoint and Issuer URL sections automatically or they can manually insert the info for those two items.
- IDP Metadata URL: Entering this URL will automatically fill out the next two fields. If they don’t have this they can skip and manually enter the information in the following fields.
- SAML SSO Endpoint: This is the URL we will redirect their users to when they try to log in via Beautiful.ai instead of their Identity Provider.
- Issuer URL: This is the unique identifier of their Identity Provider. We use this to validate that the SAML assertions we receive are issues from their identity provider.
You also have the option to turn ON > Allow IDP Initiated Flow or Enforce Strict SSO.
- Allow IDP Initiated Flow: Enabling IdP-initiated access will allow users to log into Beautiful.ai via their identity providers' application portal. Disabling access will only allow SP (Service Provider) initiated access (i.e. users will have to start their authentication process at beautiful.ai/login)
-
Enforce Strict SSO: With Strict SSO enabled, users will be required to log in with SSO. With Strict SSO disabled, users will be able to login with both SSO and email/password. Please note if there are users that have been using B.AI prior to SSO, they will be locked out if they don’t have access provisioned in their IdP’s platform. We recommend keeping the Strict SSO option disabled first and testing SSO functionality before enabling this setting.
IdP - Identity Provider Initiated Flow
With IdP login, members of the organization must log in to their IdP SSO page (e.g. OKTA, One Login, Active Directory) in order to gain access to the account.
Steps:
You may start at Step 1 or Step 3
Once the login option is selected, it'll automatically check to see whether the account email has already been authenticated (i.e. checks to see if you were logged into OKTA, One login, Active Directory). If so, you gain access to the site.
If you haven’t, you're re-directed to the Identity Provider to log in. It'll verify the account username and password against the information in its user database.
You start at one of the Identity Provider and use the single username/password associated with your company.
The SSO solution passes authentication data to the website. Some IdP will require you to click on an icon.
-
After login, the site passes authentication verification data to the website and the account gains access to the site.
SP - Service Provider Initiated Flow:
With SP login, members of the organization log into their account and an authorization request is sent to the Identity Provider; such as OKTA, One Login, Active Directory. Once IdP authenticates and verifies the member’s identity, the user is automatically logged into their account.
Steps:
Once SSO has been enabled, upon entering an email address, it will detect if the account's organization has SSO. If so, the password field will disappear from the window and the “LogIn with Single Sign On” button will appear.
If the account has already been authenticated with the Identity Provider you will gain access to the site.
If the account hasn't been authenticated, you will be redirected to the Identity Provider page to verify your username and password.
Once the SSO solution passes authentication data to the website the account gains access to the site.
User Provisioning are additional SSO settings that may be turned ON/OFF.
- Allow JIT Provisioning: Just-in-Time (JIT) provisioning is an automated process that creates user accounts when they log in for the first time to an application. JIT provisioning works by setting up Single Sign-On (SSO) between the target service and the identity provider. The identity provider then sends user information to the web application using the Security Assertion Markup Language (SAML) protocol. When a new user logs in, the information is passed from the identity provider to the app, which then creates the user account.
- Enable SCIM Provisioning: Enabling System for Cross-domain Identity Management (SCIM) provisioning on an app allows it to automate the exchange of user identities between cloud-based services and apps. SCIM provisioning automates access to applications and services, which can reduce the need for manual account creation and maintenance.
Comments
Open your SSO.
Go to the "View" tab on the ribbon.
Look for the "Presentation Views" group like download snaptriod apk
Click on "Slide Sorter" or "Normal" view. In Slide Sorter view, you'll see all of your slides at once as thumbnails
Super clear breakdown of SSO—thanks for sharing this! I like how you explained the difference between strict vs non-strict because that’s something many teams overlook when first rolling out IdP-based authentication. I’ve noticed that whether it’s managing logins or even financial planning, having the right tools in place makes all the difference. For example, I’ve used a tsp loan repayment calculator to simplify long-term contribution planning in the same way SSO simplifies access—streamlined, less hassle, and way more secure.
Thanks for the clear breakdown of Strict vs Non-Strict SSO 👌. I think a lot of teams underestimate how much time and confusion single sign-on can save when managing multiple accounts. I had a similar ‘aha’ moment outside of work too — when exploring games like summertime saga for pc, I realized how important seamless access is. Just like SSO streamlines login, having one simple access point for content makes the whole experience smoother.
click on "Slide Sorter" or "Normal" view. In Slide Sorter view, you'll see all of your slides at once as thumbnails
In a similar way, I’ve noticed the same kind of efficiency improvement when using automation tools like delta executor new update 2025 which help manage scripts and permissions across different environments. It’s all about minimizing friction and keeping teams focused on creation instead of constant logins and configurations. Great documentation here!
Thank you for sharing this detailed overview of SSO.
I found the explanation of Strict vs. Non-Strict SSO especially useful, along with the steps to enable it through the Profile → Advanced tab. support.beautiful.ai
I do have a quick question once SSO is enabled and either the IdP-initiated or SP-initiated flow is set up, are there any recommended apk checks or common issues to look out for during the initial rollout?
Appreciate the clarity in this guide really helpful.
Aktueller Blei Preis refers to the current market price of lead (Blei in German). This price fluctuates based on global supply and demand, industrial usage, and economic conditions. Lead is commonly used in batteries, construction, and radiation shielding. Tracking the aktuelle Blei Preis is important for traders, recyclers, and industries that rely on lead materials.
Open your SSO and navigate to the "View" tab on the ribbon.
In the "Presentation Views" group, select either "Slide Sorter" or "Normal" view like Download Minecraft APK
The Slide Sorter view displays all your slides as thumbnails, allowing you to see the entire presentation at a glance.
Open your SSO.
Go to the "View" tab on the ribbon.
Look for the "Presentation Views" group like Download paint 3d
Click on "Slide Sorter" or "Normal" view. In Slide Sorter view, you'll see all of your slides at once as thumbnails
Open your SSO and navigate to the "View" tab on the ribbon.
In the "Presentation Views" group, select either "Slide Sorter" or "Normal" view like Download Null's Brawl
The Slide Sorter view displays all your slides as thumbnails, allowing you to see the entire presentation at a glance.
Open your SSO and navigate to the "View" tab on the ribbon.
In the "Presentation Views" group, select either "Slide Sorter" or "Normal" view like Download Jenny Mod Minecraft
The Slide Sorter view displays all your slides as thumbnails, allowing you to see the entire presentation at a glance.
Open your SSO.
Go to the "View" tab on the ribbon.
Look for the "Presentation Views" group like TV الأسطورة
Click on "Slide Sorter" or "Normal" view. In Slide Sorter view, you'll see all of your slides at once as thumbnails
Open your SSO.
Go to the "View" tab on the ribbon.
Look for the "Presentation Views" group like GStream apk
Click on "Slide Sorter" or "Normal" view. In Slide Sorter view, you'll see all of your slides at once as thumbnails
Article is closed for comments.