Service status:

User management on an SSO enabled Signable account


Once you’ve got your SSO via SAML all set up and configured with Signable, the tricky part’s done! For more information on that, click here.


Generally, all of the management for user access to Signable will be handled via your SAML identity provider (Think Okta, Entra, Workspace, etc) but it’s worth noting the expected behaviour from our side.


If SSO via SAML is enabled but not enforced on the account then you’ll still be able to add users within Signable itself, a user will be able to log in with their email and password like normal. However, they will need to be manually provided access within your identity provider to then be able to log in via SAML.


Alternatively, the user can be manually linked to the identity provider under the specific user's profile card. Simply go to Users & Teams, select the user in question and select their Security tab.


Under SAML Name ID - simply enter their email address as it appears on the identity provider and we'll link the two users up!


If SSO via SAML is enabled and enforced, your users will only be able to log into Signable via your SAML identity provider’s single sign on. This also means that you’ll only be able to add users to the Signable account by first giving them access to Signable via your identity provider. Upon doing this, the first time a user logs in via SAML, their user profile will be created with the default user role (more info on roles found here) that was dictated during your configuration of the SSO via SAML creation.

Default User Roles:

Upon configuration, you'll be asked to set the default user role for all users added to the account through SSO via SAML. This 'default role' will serve as the default level of user access for that user within Signable. For more information on user roles, click here.


From a user visibility perspective, a User and Admin role will only be able to see envelopes and templates that have been shared 'with everyone' or shared with that specific user (or their team). For more information on sharing, click here.


It's also worth noting that these user roles cannot currently be mapped to the equivalent level of user access within your Identity Provider. It's best to add them at the minimum expected level of account access and manually upgrade the users as and when needed.

Super Admins:

Super Admin users will have full visibility of all envelopes and templates sent on the account, regardless of sharing settings - they also have access to the company settings & billing.


We like to refer to a Super Admin as an 'escape hatch' user, meaning that even with SSO via SAML enforced across the account - a Super Admin user will still be provided the option to log in with their email & password combination so as to prevent being locked out of the account if there are any issues with the SAML identity provider.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles