Single Sign-On (SSO)

An overview on how to set up SSO for your Workspace.

SSO

Overview

SSO is currently only available for Enterprise customers, and only Workspace admins can use this feature. To upgrade, get in touch with our sales team.

Single Sign-On (SSO) allows your team to log in to ElevenLabs by using your existing identity provider. This allows your team to use the same credentials they use for other services to log in to ElevenLabs.

Guide

1

Access your SSO settings

Click on your profile icon located at the bottom left of the dashboard, select Workspace settings, and then navigate to the Security & SSO tab.

2

Choose identity providers

You can choose from a variety of pre-configured identity providers, including Google, Apple, GitHub, etc. Custom organization SSO providers will only appear in this list after they have been configured, as shown in the “SSO Provider” section.

3

Verify your email domain

Next, you need to verify your email domain for authentication. This lets ElevenLabs know that you own the domain you are configuring for SSO. This is a security measure to prevent unauthorized access to your Workspace.

Click the Verify domain button and enter the domain name you want to verify. After completing this step, click on the domain pending verification. You will be prompted to add a DNS TXT record to your domain’s DNS settings. Once the DNS record has been added, click on the Verify button.

4

Configure SSO

If you want to configure your own SSO provider, select the SSO provider dropdown to select between OIDC (OpenID Connect) and SAML (Security Assertion Markup Language).

Only Service Provider (SP) initiated SSO is supported for SAML. To ease the sign on process, you can create a bookmark app in your SSO provider linking to https://elevenlabs.io/app/sign-in?use_sso=true. If you’d like you can also include the user’s email as an additional query parameter to prefill the field. This would be https://elevenlabs.io/app/sign-in?use_sso=true&email=test@test.com

Once you’ve filled out the required fields, click the Update SSO button to save your changes.

Configuring a new SSO provider will log out all Workspace members currently logged in with SSO.

FAQ

What shall I fill for Identifier (Entity ID)?

  • Use Service Provider Entity Id

What shall I fill for Reply URL (Assertion Consumer Service) URL in SAML?

  • Use Redirect URL

What is ACS URL?

  • Same as Assertion Consumer Service URL

Which fields should I use to provide ElevenLabs?

  • Use Microsoft Entra Identifier for IdP Entity ID
  • Use Login URL for IdP Sign-In URL

What to fill in on the Okta side:

  • Audience Restriction: This is the Service Provider Entity ID from the ElevenLabs SSO configuration page.
  • Single Sign-On URL/Recipient URL/Destination: This is the Redirect URL from the ElevenLabs SSO configuration page.

What to fill in on the ElevenLabs side:

  • Create the application in Okta and then fill out these fields using the results
  • Identity Provider Entity Id: Use the SAML Issuer ID
  • Identity Provider Sign-In URL: Use the Sign On URL from Okta
    • This can generally be found in the Metadata details within the Sign On tab of the Okta application
    • It will end in /sso/saml
  • Please fill Recipient field with the value of Redirect URL.
  • One known error: Inside the <saml:Subject> field of the SAML response, make sure <saml:NameID> is set to the email address of the user.