Single Sign-On

Single sign-on (SSO) is a session and user authentication tool that lets you securely access multiple applications and services using one set of credentials. We use SAML authentication to configure SSO. See our SAML configuration documentation section to learn how to configure SSO with SAML in Fivetran.

Supported identity providers

We officially support the following identity providers:

• Microsoft Entra ID (formerly Azure Active Directory) / Setup Guide
• Google Workspace / Setup Guide
• Okta / Setup Guide
• OneLogin / Setup Guide
• PingOne & PingFederate / Setup Guide
• RSA SecureID / Setup Guide

You can set up Fivetran from these identity providers' app catalogs (except Google Workspace and PingOne). If you have multiple Fivetran accounts with the same login email, you must log in to Fivetran with your username and password, even if SSO is enabled on all accounts. You can access these accounts in SAML from the applications shown on your SAML provider's homepage.

If you would like us to offer official support for any other identity provider, let us know and we will evaluate your request.

If you would like to try using a SAML 2.0 compliant identity provider that we don’t support, you can attempt it with these settings:

• ACS: https://fivetran.com/login/saml/return
• NameID: must be user's email
• Required custom attributes:
  • FirstName - user's first name
  • LastName - user's last name
• Required signing option: Sign SAML assertion
• Application's Entity ID: the identifier used as the audience for the SAML response. If you have multiple Fivetran accounts, each one needs its own application Entity ID.

NOTE: This method is not fully supported and may not work with an identity provider that does not support our requirements. If you run into issues we would be happy to evaluate adding official support for your identity provider.