Push.ai supports using Identity Providers (IdP) such as Okta to control authentication through single sign-on (SSO). We also support provisioning and deprovisioning Push.ai users along with managing their role assignments through SCIM (directory sync).
Push.ai supports the SAML protocol for single sign-on authentication. To initiate setup, contact our support team at support@push.ai. We’ll provide specific instructions and a test environment for setting up Push.ai with your preferred IdP.
Users will no longer be able to log in with their previous Push.ai authentication method (username & password or Google)
Attempting to use previous authentication methods will redirect users to the SSO login page
Users will need to input their email, which will use the domain to redirect to your IdP for sign-in
Users can log in directly from your IdP by clicking on the Push.ai application integration
Email RequirementsThe primary email of each user assigned to Push.ai in your IdP must match their Push.ai user’s email. Otherwise, they won’t be able to log in to their Push.ai account.
In addition to standard attributes (id, emails, first_name, last_name), Push.ai requires the following custom attribute:roles → <name_of_push_ai_role>
Examples: Admin, Data, or NormalUser
Important Notes about Roles - Role assignments must be non-empty -
SCIM-enabled organizations do not have default roles - All role assignments
must be explicitly managed through your IdP - Role names are case-insensitive