Single Sign On for Sinch Engage

INTEGRATION & SETUP

Connect to your existing identity infrastructure

Sinch Engage integrates with Microsoft Entra ID (Azure AD) and Okta. Setup starts in your IdP, where you create a new SAML application. Then you sign in to the Sinch Engage parent account with admin credentials. You add your email domains and verify ownership with a DNS TXT record.

For trusted locations, the IdP domain must be a subdomain of okta.com or microsoftonline.com.

Image for Connect to your existing identity infrastructure

SECURITY & CONTROL

Strengthen access control across your organization

Turn on Enforce SAML authentication to require SSO for users with matching email domains. When enforcement is on, those users can’t use password login, cutting down the risk of password reuse.

You can also turn on auto-provisioning, so if someone authenticates with SSO and has no profile, Sinch Engage can create one.

Image for Strengthen access control across your organization

The SSO advantage with Sinch Engage

Identity provider outage recovery

If your identity provider goes down and SAML enforcement is active, contact the Sinch Engage support team. They can turn off enforcement so admins and existing users can log in with email again.

Centralized user provisioning

When auto-provisioning is on, new users who authenticate through your identity provider get a Sinch Engage profile created automatically.

Enforced authentication compliance

Turn on SAML enforcement to require users with matching email domains to authenticate through your identity provider.

Multi-account domain management

If you use one domain for multiple accounts, add multiple values to one DNS TXT record. Separate values with spaces, and surround each value with double quotes.

CAPABILITIES

Single Sign On capabilities in Sinch Engage

Sinch Engage supports a focused set of Single Sign On capabilities built on the SAML 2.0 standard. Use these controls to reduce admin effort and tighten access control.

SAML 2.0 authentication standard
Microsoft Entra ID and Okta support
DNS TXT record domain verification
Enforce SAML authentication toggle
Auto-provisioning for new users
Multi-account domain verification

CAPABILITIES

How to set up Single Sign On

This setup is intended for IT system administrators. Sinch can support Sinch Engage setup steps, but we can’t support configuration inside your SAML identity provider.

1. Create a new SAML application in your identity provider.

In Microsoft Entra ID, use the Microsoft Entra Gallery and select Create your own application. In Okta, follow the SAML application setup guide.

2. Configure Single Sign On in Sinch Engage.

Sign in to the parent account with admin credentials. Add the email domains you want to use for SSO. Email domains can only be used once per account hierarchy.

3. Verify domain ownership.

Add the DNS TXT record value shown in the SSO configuration screen. Wait for DNS changes to propagate, then save the configuration.

4. Set enforcement and provisioning preferences.

Turn on Enforce SAML authentication to require SSO-only login for matching domains. Turn on auto-provisioning to create new user profiles automatically.

Talk to an expert

Bring Single Sign On to your Sinch Engage account

SSO is a request-only feature.
Contact the Sinch Engage support team to request activation on your account.

Talk to an expert

FAQ

Common questions about Single Sign On

We answer your most common questions about the Sinch Engage mobile app that lets you manage group chats and mass texts all from your mobile phone.

What is Single Sign On?

Single Sign On is an authentication method that lets users log in to multiple applications or services with one set of credentials. Users authenticate once and get access across connected systems.

What authentication standard does Sinch Engage use for Single Sign On?

Sinch Engage uses SAML 2.0 for Single Sign On. SAML 2.0 is an open standard for exchanging authentication and authorization data between an IdP and a service provider.

Which identity providers does Sinch Engage support?

Sinch Engage supports Microsoft Entra ID (Azure AD) and Okta for Single Sign On. Custom domains and self-hosted identity providers are not supported at this time.

How do I verify domain ownership during Single Sign On setup?

You add a DNS TXT record to your domain’s DNS settings. Use the TXT value shown in the SSO configuration screen. After DNS propagation, save your configuration in Sinch Engage.

What happens if my identity provider goes down?

If Enforce SAML authentication is on and your IdP is down, contact the Sinch Engage support team. Support can turn off enforcement so administrators and existing users can log in with email again.

Does enforcing SAML Single Sign On log out active users?

No. Active user sessions stay logged in until they expire. The next time a user logs in, they must authenticate through SAML Single Sign On.

Can I use Single Sign On with two-factor authentication?

When SSO is enforced, users can’t log in with a password, so 2FA is not triggered. When SSO is not enforced, password login triggers 2FA. Users can also choose SSO login, which bypasses 2FA.

Does Sinch Engage support IdP-initiated Single Sign On?

Not at this stage. Users must start in the Sinch Engage web portal and use the Login with Single Sign On page. One-tap SSO apps are not supported at this time.

Does Sinch Engage support on-premises Microsoft Active Directory?

No. Sinch Engage only supports Azure Active Directory (Microsoft Entra ID).

How do I get Single Sign On activated on my account?

Single Sign On is a request-only feature. Contact the Sinch Engage support team to request that it is activated on your account.

Simplify access with Single Sign On for Sinch Engage

What Single Sign On delivers for your business

How SAML 2.0 Single Sign On works