Best Practices Guide for SSO Troubleshooting
SCIM and SSO Overview
SCIM (System for Cross-domain Identity Management) automates user provisioning and deprovisioning.
Perplexity does not currently support SCIM but provides tools via its SSO platform (WorkOS) to manage user access effectively.
Organizations can enforce domain-controlled logins through their Identity Provider (IdP), allowing them to manage user access on their side.
2. User Provisioning
How it works:
Users are provisioned "just-in-time" when they log in via SSO/IdP, not when added to the IdP.
By default, organization admins must invite users on the Perplexity side.
Customizable Options:
Engineering can enable:
Automatic login for users with an email domain owned by the organization.
Auto-capturing all users with the owned email domain into the organization's Perplexity account.
3. User Deprovisioning
Default Behavior:
Users are not automatically removed from Perplexity when deprovisioned from the IdP.
If SSO is enforced and the IdP rejects a login, the user cannot access their account but will still appear in the system until manually removed by an admin.
Best Practice:
Ensure admins regularly review and manually remove deprovisioned users to maintain accurate account records.
4. Key Troubleshooting Steps
Verify if SSO is configured to enforce domain-controlled logins via the IdP.
Confirm whether just-in-time provisioning is functioning by testing a new user login.
For issues with deprovisioning:
Check if the IdP is rejecting logins for deprovisioned users.
Manually remove accounts from Perplexity as needed.
5. When to Involve Engineering
If you need to enable automatic login or auto-capture features for your organization, contact support.