You can implement single sign-on (SSO) for your teammates to access Dynamic Yield. This lets you apply the same authentication policies as you do with your other enterprise applications when signing in to the Dynamic Yield admin. You can implement SSO through OIDC or SAML 2.0, which are supported by most major identity providers (IDP), such as Okta and Azure Active Directory.
Note: We currently support SSO with a single IDP through one Dynamic Yield account only.
Getting Started
Step 1: Add a new application to your Identity Provider
Use the following information, as relevant:
For SSO integration using SAML 2.0
URI (.com):
https://ssobroker.dynamicyield.com/auth/realms/admin/broker/[publish_ID]/endpoint
Metadata (.com):
SAML 2.0 Identity Provider Metadata
URI (.eu):
https://ssobroker.dynamicyield.eu/auth/realms/admin/broker/[publish_ID]/endpoint
Metadata (.eu):
SAML 2.0 Identity Provider Metadata
For SSO integration using OIDC
URl (.com):
https://ssobroker.dynamicyield.com/auth/realms/admin/broker/[publisher_id]/endpoint
Metadata (.com):
URl (.eu):
https://ssobroker.dynamicyield.eu/auth/realms/admin/broker/[publisher_id]/endpoint
Metadata (.eu):
Make sure that all relevant internal users are given access to this application so they can access Dynamic Yield.
Step 2: Provide information to Dynamic Yield
Give your Technical Account Manager the following:
For SAML 2.0 integration:
- Identity provider name
- SAML metadata
For OIDC integration:
- Identity provider name
- URI (Uniform Resource Identifier)
- Client ID
- Client Secret
Step 3: Create a test user
Create an internal test user and provide the credentials to your Technical Account Manager. Dynamic Yield uses this to test the integration internally.
SSO Login Flow
Once the integration is set up on both sides, you can test the integration. Note that once the user doing the test signs in using SSO they can no longer log in using their old credentials.
After verifying that the integration works properly for several users, we will force SSO on the account to make sure all team members use SSO to log in. New teammates will be directed to log in using SSO.
When SSO integration is enabled on your account, follow these steps to sign in:
- From the sign-in page, click Log in using SSO.
You are redirected to the SSO sign-in page. - Enter your corporate email address, which is authenticated by your Identity Provider.
- Enter your IDP credentials.
FAQ
Can I sign in using my regular email and password?
No, once SSO is enabled you can only sign in through your identity provider.
Can I invite teammates who are not listed under my identify provider?
Teammates not listed under your identify provider are not able to sign in.
Can I connect my account to more than one identity provider?
No, we currently support connecting to a single IDP.
Can I connect several Dynamic Yield accounts with the same identity provider?
No, we currently support connecting a single account to a single IDP
Can I change my user name, password, or phone number?
Once SSO is enabled, your credentials can only be edited and managed by your identity provider.
How do I disable the two-factor authentication in an SSO account?
Once SSO is enabled, two-factor authentication can only be disabled and managed by your identity provider.
How do I add a new teammate?
Make sure your teammate is listed with your identity provider with access to the Dynamic Yield app. Then, you can invite the teammate from the manage teammates screen in Dynamic Yield.
How do I revoke a teammate's access?
This can be done either by removing the teammate's access in your identity provider or deleting the teammate in Dynamic Yield.