Lingo provides Single Sign-On (SSO) functionality for enterprise customers to gain access to Lingo Spaces through a single authentication source, like Okta. This allows Space administrators to better manage user access, makes it very easy for new hires to join your Space, and keeps your assets more secure.

We use SAML (Security Assertion Markup Language), a standard that permits identity providers like Okta to safely pass authorization information to service providers like Lingo.

Lingo also supports SCIM (System for Cross-domain Identity Management) for automatic provisioning of user accounts.

👉 Note: SSO is only available to Spaces on Lingo's Enterprise tier.

How to Get Started with Lingo SSO in 3 Easy Steps

  1. Contact Lingo Support using the Intercom messenger below to begin the setup process.
  2. Configure your Identity Provider using the Configuration Parameters listed below.
  3. Give us the XML Metadata URL created by your Identity Provider.

SAML Configuration Parameters

  • ACS (Assertion Consumer Service) URL: This URL will be provided to you by your Lingo support specialist.
  • SP Entity ID:  https://lingoapp.com  
  • Attribute Statements: Please configure these as shown in the table below. The "Name" is case sensitive, and if any of these are missing your integration will not work.

SCIM Configuration

If your Identity Provider supports SCIM, you'll need the following information to get it working.

  • SCIM API Base URL:   https://api.lingoapp.com/v4/scim/v2/  
  • OAuth Bearer Token: This token will be provided to you by your Lingo support specialist. If you did not receive a token, please contact Lingo support and one will be provided to you.

SCIM Features

Lingo's SCIM API supports the following features:

  • Create Users
  • Update User Attributes
  • Deactivate Users
  • Import Users

FAQs

What Identity Providers does Lingo SSO support?

  • Any identity provider that supports SAML 2.0 should work with Lingo. Please contact our support team for assistance with setting up other IdPs if you are having trouble.
  • If you use Okta, we have made a tutorial on how to set up Lingo SSO with Okta.

How does Lingo SAML SSO handle user provisioning?

  • Lingo has implemented Just-in-Time (JIT) provisioning for new accounts. This means that a new user account will automatically be created in Lingo for any user who signs into your space using SSO and does not already have a Lingo account.
  • If a user signs in with SSO and has an existing Lingo account, they will be asked to "link" their existing account to your organization via a confirmation step.
  • Automatic deprovisioning is supported via our SCIM API. If you use an IdP that does not support SCIM, you will need to deactivate users manually from the Users screen.

Does Lingo SAML SSO support Single Logout?

  • Not at this time. If Single Logout is important to you, please contact our support team to let us know.

Can I still log in to Lingo if my identity provider is out of service?

  • Yes, you can still log in to Lingo using your email address and password. If you do not know your account password, please request a password reset.

Can we use SSO to log into the Lingo macOS app?

  • No, SSO is not supported in the macOS app. Users can log in using their email address and password. If the user was created via SSO, they'll want to follow the password reset instructions to set a password.

What version of SAML does Lingo support?

  • We currently support SAML v2.0.

Can we use multiple identity providers to access our Lingo space?

  • No, at this time you can only have one identity provider configured per space. If this feature is important to you, please contact our support team to let us know.
Did this answer your question?