OpenCX supports enterprise single sign-on on Enterprise plans. Teams log in through your identity provider (Okta, Azure AD / Entra ID, Google Workspace, or any SAML 2.0 / OIDC IdP) instead of per-user email + password.Documentation Index
Fetch the complete documentation index at: https://docs.open.cx/llms.txt
Use this file to discover all available pages before exploring further.
SSO isn’t self-serve yet. Contact sales@open.cx to start onboarding — we’ll work with your IdP admin to exchange metadata, assign the right attributes, and cut over without disrupting active sessions.
What onboarding covers
- Protocol — SAML 2.0 or OIDC. Pick whichever your IdP handles best.
- Provisioning — Just-in-time user creation on first login. SCIM provisioning is available on request.
- Enforcement — Per-organisation toggle that forces every member to go through the IdP. Break-glass access for the billing owner stays available in case of IdP downtime.
- Group → role mapping — Map IdP group claims to OpenCX roles (admin, agent, viewer) so directory changes propagate automatically.
What you’ll need before the call
- The IdP you plan to use.
- Admin access to that IdP (to exchange metadata and create the app).
- The OpenCX organisation ID you want to enable SSO on — find it at Settings → Organisation.
- The email domain(s) you want bound to this organisation.
Related
- Bug bounty program — report a vulnerability in our SSO implementation or anywhere else.