Single Sign-On (SSO) on Libryo Sites

Last updated: 23 Feb 2026

Single Sign-On (SSO) allows users to access Libryo Sites using their organization’s existing login system (for example, Azure AD, Okta, or another SAML 2.0 provider). 

Enabling SSO adds an additional, convenient login option for your users. Once configured, users can choose to sign in either through your organization’s identity provider or by using their existing Libryo Sites email and password. SSO does not replace or disable the standard email-and-password login, so users who prefer or need to log in with their credentials can continue to do so as normal.

Who Can Enable SSO

Only an Organization Admin has the necessary permissions to configure and enable SSO for your Libryo Sites account. This ensures that SSO settings - such as connections to your identity provider, security certificates, and user assignment rules - are managed centrally and securely by someone with the appropriate level of administrative responsibility.

If you are unsure whether you are an Organization Admin, check the left-hand menu. Organization Admins can see Org Settings at the bottom of the menu. If you do not see this option, please contact your Organization Admin.

How to Enable SSO

To enable SSO:

1. Log in to Libryo Sites as an Admin user.
   

2. From the left-hand menu, go to Org Settings.
   

3. Select SSO.
   

4. Under Service Provider, use the URLs provided (such as the ACS/Reply URL, Entity ID, Metadata URL, Single Login URL, and Single Logout URL) to configure Libryo in your identity provider.
   

5. Under Identity Provider, enter the details from your identity provider into Libryo:
       •    Issuer URL
       •    Identity Provider’s Single Login URL
       •    Identity Provider’s Single Logout URL
       •    Identity Provider’s Signing Certificate
   
   
6. Under Application Settings, select a Default Team to Assign SAML Users, then tick “Enable SAML authentication for this organization.”
7. Click Save.
   

Once enabled, users in your organization can log in either via SSO or using their existing email and password at my.libryo.com/login.

User Login Experience

Users can log in in two ways:

• Via the standard login page (email and password)

• Via the organzation’s SSO login link

If the User Is New to Libryo Sites

If a user logs in via SSO and does not already have a Libryo Sites account:

• Their account is created automatically upon successful authentication.

• They are assigned to the default team selected during setup.

• They can begin using the platform immediately.

No manual user creation is required beforehand.

If the User Already Has a Libryo Sites Account

If a user already has an account with password authentication and clicks the SSO login link, they will see a message indicating that their account already exists.

They will be given two options:

1. Enable SSO

2. Use Password Authentication

If they select “Enable SSO,” their account will be linked to SSO for future logins. Their access, permissions, and history remain unchanged.

If they select “Use Password Authentication,” they will continue logging in using email and password as before.

This prompt only appears when accessing the SSO login link. It does not appear when logging in via the standard login page.

Disabling SSO

SSO can be disabled at any time by an Organization Admin from the Org Settings area. Disabling SSO immediately removes the option for users to sign in via your organization’s identity provider, so all users will need to access Libryo Sites using email and password authentication only.

If a user originally registered using SSO and SSO is later disabled, they will be prompted to reset their password the next time they try to log in. This ensures that they have a secure, standalone Libryo Sites password before continuing. After successfully resetting their password, they can log in using their email address and new password like any other user, and their existing teams, permissions, and activity in Libryo Sites will remain unchanged.

 

 

Have any questions?