Skip to main content

Search

  1. Runway
  2. Enterprise
  3. Admin Resources
  4. Enterprise SSO

Enterprise SSO FAQs


Introduction

This article addresses common questions about Single Sign-On (SSO) for enterprise users, covering both general SSO concepts and specific details about integrating SSO with Runway.

For a detailed walkthrough to set up SSO, please see the Configuring Enterprise SSO guide.

 

General SSO FAQs

What is OIDC-based SSO?

OIDC-based SSO (OpenID Connect-based Single Sign-On) is an authentication protocol that enables your organization's members to access multiple applications using one set of credentials.

When users log into Runway, they're redirected to your organization's login system. After successful authentication, they're redirected back to Runway with a secure code that automatically logs them in or registers them using their verified email address.

What is the SSO domain?

SSO ties all of the users from a specific domain to the users of the owner of that domain. The portion of your organization's email format after the @ typically defines your domain.

How do I know if my organization's IDP (Identity Provider) supports OIDC?

A majority of the common IDP providers do, including: Okta, Ping Identity, Google, Auth0, and Azure AD.

If unsure, your organization's identity or security team should know.

 

Runway-integrated SSO FAQs

Which members have permissions to configure SSO?

Admins or billing admins of the workspace can configure SSO.

Can multiple domains be added for a single workspace?

Yes, you can have multiple IDPs or configurations for different domains, but they cannot be for the same email domain.

I have already previously set up my SSO config with Runway, but now I need to add a new domain.

Please reach out to support with the additional domain(s) needed.

Can workspace members change their email once SSO is configured?

No, the option to change the email address is disabled on accounts associated with an Enterprise workspacce.

Can external domains, like gmail.com, be supported for SSO?

Unfortunately, no. This is a limitation of SSO. Your organization must control the domain name that you are setting up SSO for. Users who are not on that domain can still be added to the workspace using the existing non-SSO tools but will not log in with SSO.

Does Runway Enterprise SSO support SAML (Security Assertion Markup Language)?

At this time, no. We do not support SAML.

Does Runway Enterprise SSO support SCIM (System for Cross-domain Identity Management)?

At this time, no. We do not support SCIM.

 

 

 

 

 

 

 

© 2025 RUNWAY AI, INC / TERMS OF USE / PRIVACY POLICY / CODE OF CONDUCT / SYSTEM STATUS