Safeguard your organization’s Workspace with Single Sign-On (SSO).
Single Sign-On (SSO) is a password-authentication strategy that lets team members access Webflow using your organization’s existing login system. With SSO, users authenticate once through your identity provider (IdP) — making login faster, more secure, and easier to manage at scale. Users won't have to manage multiple passwords as they sign in with one set of credentials.
What is SSO?
Single Sign-On (SSO) authentication is a password-authentication strategy that allows users to securely access multiple related applications or systems with a single set of credentials.
The primary benefit of SSO is that it gives organizations centralized control over who has access to their systems and the level of access each individual has. SSO simplifies team members’ experiences, reduces password fatigue, and improves organization security.
SSO considerations
Team members must be provisioned with access to Webflow from your IdP before they can use SSO. Note that we don’t set roles and permissions based on user groups in your IdP, but you can assign and revoke (i.e., provision and deprovision) access to Webflow via user groups.
Note
SSO is not supported as a way to access the legacy Editor — which will be deprecated in the future (exact date TBD). Teammates working in the legacy Editor can log in via SSO as Workspace members with access to edit mode in the Designer.
SSO enforcement
SSO enforcement is available on Webflow as either an optional or required sign-on method. When SSO is optional, Workspace members can sign in to your Workspace via IdP or with standard login credentials. When SSO is required, Workspace members must be authenticated via IdP before they can access your Workspace. Workspace members will still be able to access their personal Workspace with standard login credentials.
If some Workspace members have different email domains not managed through your IdP (e.g., freelancers, agencies, etc.), we recommend setting SSO to optional. This ensures they can continue to log in to your Workspace with standard login credentials. Alternatively, you can invite these members to your Workspace as guests — guest access doesn't require SSO when SSO is enforced.
To enable JIT or SCIM provisioning, SSO must be enforced, which prevents unauthorized users from automatically being added to your Workspace.
Supported SSO configurations
| Configuration | Workspace(s) | Domain(s) | Identity Providers (IdP) | Supported by Webflow? |
|---|
| “Standard” | 1 Workspace | 1 domain in 1 Workspace | 1 IdP organization for 1 domain | Yes |
| “Multi-domain” | 1 Workspace | Multiple domains in 1 Workspace | 1 IdP organization for all domains | Yes |
| “Multi-Workspace” | Multiple Workspaces | 1 domain across all Workspaces | 1 IdP organization for 1 domain | Yes |
| “Multi-IdP per customer” | Multiple Workspaces | Multiple domains (1 per Workspace) | Multiple IdP organizations (1 per domain and per Workspace) | Yes |
| “Multi-IdP per Workspace” | 1 Workspace | 1 or multiple domains | Multiple IdP organizations for 1 Workspace | No |
Supported IdPs
Webflow only supports OAuth and SAML connections at this time. Please contact our Enterprise sales team to confirm support for your IdP.
Set up SSO and provisioning
Webflow’s Enterprise Support or Customer Success teams provide custom setup instructions for SSO, SCIM, and JIT. If you haven’t received instructions or need to update your provisioning configuration, contact your Customer Success Manager or Enterprise Support.