Single Sign-On (SSO) allows organizations to manage multiple users (employees, vendors, partners, etc.) through a central identity provider such as Okta or Microsoft Entra ID. Users authenticate once with their identity provider and gain access to various applications including Planable without needing separate login credentials for each service.
If you're an Enterprise client and don't have the SSO option, please reach out to your assigned customer success manager or to customer support.
Supported identity providers
Planable supports any SAML 2.0-compliant Identity Provider (IdP), including Okta, OneLogin, Azure AD and Google Workspace (GSuite).
For provider-specific help with SAML metadata and setup, refer to resources including, but not limited to, the following:
Planning your SSO setup
Before enabling SSO, decide how to handle user access. There are 2 approaches:
Option 1: SSO-First approach
Invite users directly through your identity provider when they've never logged into Planable before.
Default settings for new SSO users:
Read-only access by default (all permissions except editing and admin)
Automatic access to all workspaces
With this approach, the company owner will need to adjust workspace access and customize permissions after users are created through SSO.
Option 2: Traditional setup first
Users initially create accounts in Planable through traditional methods, where the company owner assigns proper permissions and workspace access, then SSO is enabled afterwards.
Once SSO is enabled, nothing in users' permissions and workspace allocation will change - everything remains exactly as previously configured.
SSO Implementation recommendations
Make sure you have Company owner permission for your Planable company account
Prepare internal communications - Inform your team about upcoming login process changes
Test with a single user first - Have one assigned user try logging in through your identity provider before rolling out to the entire team
Use application groups - Create groups rather than direct user assignments for cleaner management
Avoid shared accounts - Each user needs a personalized account (no generic emails)
General SSO Setup Process
Prepare Planable Information
To start configuring your identity provider, open your company settings in your Planable dashboard:
Then click the SSO section:
From the SSO section, you'll need to gather the following information from your Planable company SSO settings page:
Single Sign-On URL (also called Reply URL or Assertion Consumer Service URL)
Audience URI (also called Identifier or Entity ID):
https://app.planable.io/sso-saml/login/id
Create Planable Application in your Identity Provider
The exact process for creating and configuring SAML applications varies depending on whether you're using Okta or Microsoft Entra ID. Your assigned customer success manager will provide you with detailed, step-by-step setup instructions specific to your identity provider.
What changes for users after SSO is configured
First-time SSO activation (required)
Before users can log into Planable with SSO, they need to activate it with a one-time sign-in.
Go to Company Settings > SSO section
Copy your company's SSO link and paste it into your browser
Complete the sign-in process
Note: Only company owners have access to Company Settings.
After SSO activation
Once activated, users can use the SSO login option on Planable's login page for all future sign-ins.
User restrictions after SSO activation
Once SSO is enabled, regular users (except company owners) will lose access to:
Email/password login, Google and Facebook authentication - Previous login credentials are disabled
Password reset functionality - "Forgot password" becomes unavailable
Mobile app access - Current technical limitation prevents mobile SSO login
Exception: Company owners retain all alternative login methods and password reset capabilities as a security safeguard.
SSO login behavior and user management in Planable
Authentication and provisioning are managed by your Identity Provider (IdP)
Permissions (Admin, Billing, Editor, Viewer) must be managed directly in Planable
Removing a user from your identity provider does not automatically remove them from Planable. You must manually remove users from both your identity provider and Planable to fully revoke access.
Users removed from identity provider assignments can still access Planable for 7 days. After 7 days, authentication expires and access is completely blocked.
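Because IdP removal and Planable removal are separate steps, an offboarding check can compare the two user lists. The sketch below is an added example, not Planable's or any identity provider's own tooling. The CSV exports, their column names, the "Owner" role label and the choice to count the 7 days from the IdP removal time are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

GRACE = timedelta(days=7)  # residual access window stated on this page

# Constructed sample exports; column names and the "Owner" role label are assumptions.
IDP_ASSIGNED = "email\nana@example.com\n"
IDP_REMOVED = ("email,removed_at\n"
               "bob@example.com,2024-05-01T09:00:00+00:00\n"
               "cy@example.com,2024-04-10T09:00:00+00:00\n")
PLANABLE_MEMBERS = ("email,role\n"
                    "ana@example.com,Editor\n"
                    "Bob@example.com,Viewer\n"
                    "cy@example.com,Admin\n"
                    "old-owner@example.com,Owner\n")

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_stale_accounts(assigned_csv, removed_csv, members_csv, now):
    """Return (email, status, sso_valid_until) for Planable members not assigned in the IdP."""
    assigned = {r["email"].strip().lower() for r in _rows(assigned_csv)}
    removed = {r["email"].strip().lower(): datetime.fromisoformat(r["removed_at"])
               for r in _rows(removed_csv)}
    findings = []
    for member in _rows(members_csv):
        email = member["email"].strip().lower()  # compare case-insensitively
        if email in assigned:
            continue  # still managed by the IdP
        until = removed[email] + GRACE if email in removed else None
        if member["role"].strip().lower() == "owner":
            status = "OWNER_ALT_LOGIN"   # owners keep alternative login methods
        elif until is None:
            status = "UNKNOWN_REMOVAL"   # no removal record: treat as still active
        elif now < until:
            status = "SSO_GRACE"         # can still sign in until `until`
        else:
            status = "SSO_EXPIRED"       # blocked, but the Planable account still exists
        findings.append((email, status, until))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 5, 3, tzinfo=timezone.utc)
    for email, status, until in find_stale_accounts(IDP_ASSIGNED, IDP_REMOVED, PLANABLE_MEMBERS, now):
        print(f"{email:24} {status:16} {until.isoformat() if until else '-'}")
```

Every account the function returns still needs manual removal in Planable; the status only indicates how urgent that removal is.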
For additional assistance with your SSO setup in Planable or if you encounter any issues, please contact your Customer Success Manager or our support team.