Skip to main content

Search

  1. Runway
  2. Account Management
  3. Enterprise

Enterprise Single Sign-On (SSO)


This feature is currently available to users on Enterprise plans.

For some organizations on Enterprise plans, sign-in is facilitated through your native SSO process. Users will log in with the email/password/MFA set up by the organization.

 

Frequently asked questions

Q: What is OIDC-based SSO?

OIDC-based SSO stands for OpenID Connect-based Single Sign-On. It is an authentication protocol that allows the members of your organization to log in to multiple applications or services using a single set of credentials. Your members are first redirected away from Runway to log in. When they’ve completed logging in with your organization, they’re then redirected back with a code that instructs Runway to log them in (or register them) with a particular email address.

 

Q: What is the SSO domain?

SSO ties all of the users from a specific domain to the users of the owner of that domain. Typically, the portion of your organization's email format after the @ defines your domain. 

 

Q: Can multiple domains be added for a single workspace?

Yes, you can have multiple IDPs, but they cannot be for the same email domain.

 

Q: Can external domains, like gmail.com, be supported for SSO?

Unfortunately, no. This is a limitation of SSO. Your organization must control the domain name that you are setting up SSO for. Users who are not on that domain can still be added to the workspace using the existing non-SSO tools but will not log in with SSO.

 

Q: Does Runway Enterprise SSO support SAML?

At this time, no.

 

Q: How do I know if my organization's IDP (Identity Provider) supports OIDC?

A majority of the common IDP providers do, including: Okta, Ping Identity, Google, Auth0, and Azure AD. If unsure, your organization's Identity Team should know.

 

Configuring SSO for Azure AD or Okta

Organizations using Azure AD or Okta as an IDP can configure SSO from the workspace settings:

  1. Navigate to Workspace settings
  2. Select the SSO tab
  3. Click the New SSO Config button
  4. Fill out the following details and click Submit:
    • ClientID
    • ClientSecret
    • Issuer URL
  5. Send an email to enterprises@runwayml.com with an email from the domain you want to connect SSO for to confirm ownership of the domain (example: If you want to configure @example.com, you need to email us from an email using that domain). 
  6. Click Yes, I have emailed Runway after sending the email

The Runway team will complete the setup within 1 business day after receiving the email. Once completed, the SSO information will populate in the SSO policy table.

 

Configuring SSO for any other IDP

From you

To set up SSO with Runway and any other IDP, please send the following information to enterprises@runwayml.com. You can get the following details from your SSO IDP:

  • A client ID and client secret unique to Runway
  • The Discovery URL, Authorization URL, and Token URL

We also need to know all email domain urls that users will be SSO signing in on that are managed by your OIDC portal – for example, some companies have users with either @companyName.com or @cmpnyNm.com and we’d need to enable each domain.

 

From us

Additionally, you'll need to know these Runway-specific SSO details to complete set up:

  • It’s a web application (not a single page application or SPA, or a native/mobile application)
  • The “grant type” is “authorization code”
  • Our redirect URL is https://app.runwayml.com/sso-redirect

 

What to expect once SSO is set up

The default policies for Runway SSO are:

  • All users whose email addresses end with the registered domain name(s) of your organization's SSO set up will be required to use SSO to log in to Runway, regardless of the workspace they're logging in to. Users with email domains outside of the registered domain names will be allowed to log into the workspace using username/password. 
  • Users logging into Runway with their own individual accounts or workspaces will not be automatically added to your enterprise workspace. Users will be in a personal workspace until they are explicitly added to the Enterprise workspace by an admin.
  • Please Note: SSO is not currently supported for Runway for iOS. To use SSO, use Runway mobile web or the Runway platform on desktop. 

Please include in your message to us if you require a custom policy to limit the application of SSO on your domain, or if you would like new users signing up to Runway to be auto-added to the Enterprise workspace. 

© 2025 RUNWAY AI, INC / TERMS OF USE / PRIVACY POLICY / CODE OF CONDUCT / SYSTEM STATUS