# Due to high demand, you may experience longer response times.
# Due to high demand, you may experience longer response times.

SSO FAQ for teams

Here you can find the most frequently asked questions and the answers to them in connection with setting up and using SAML SSO for teams. 

What Prezi products support SAML SSO?

  • Prezi Present (Web, Android, iOS, Mac, Win)
  • Prezi Video (Web, Mac, Win)
  • Prezi Design (Web)
  • Not supported: Prezi Classic

What Identity Providers (IdP) does Prezi support?

Prezi SSO works with all Identity Providers that support the SAML 2.0 protocol, including Okta, Microsoft Azure AD, OneLogin, Ping Identity, Auth0, and G Suite.

Is SAML SSO available for all customers?
SAML SSO (single sign-on) is available for accounts with a Teams license. 

How do I set up SAML SSO for my organization?

Your team's admin can set up SAML SSO in the Admin Console under the Settings page. For more detailed information, please read this article.

What happens when SAML SSO is enabled?

When an admin enables SAML SSO, team members will not be directly affected – they will keep their active sessions and will not be logged out unless the admin enforces SAML SSO authorization. Once enabled, members will be able to use SAML SSO authorization the next time they log into Prezi. 

Will users be logged out if SAML SSO is enabled?

No, when SAML SSO is enabled, team members will not be logged out from their sessions. Team members would be logged out only when SAML SSO is enforced – then they will be logged out and asked to log in using SAML SSO.
Team members will also be able to login with normal credentials. 

What does “Enforced SAML SSO” mean?

“Enforced SAML SSO” can be used to disable other authorization methods for team members except for SAML SSO. When an admin enables “Enforced SAML SSO”, users will be forced to use SAML SSO authorization the next time they log in to Prezi. Users who try using other authorization methods will be asked to use SAML SSO.

What happens when “Enforced SAML SSO” is disabled?

When “Enforced SAML SSO” is disabled, other authorization methods will be opened for the members of your team. If a team member had used another authorization method with their email before SAML SSO was enforced, they will be able again to log in to Prezi with the same email using the other authorization method.

What happens when SAML SSO is disabled?

When “SAML SSO” is disabled, members of your team will be asked to use other authorization methods the next time when they attempt to log in with SAML SSO.

Prezi will not send an email to members of the team that SAML SSO was disabled.

What happens when a team member attempts to use SAML SSO after it is disabled?

If a team member attempts to log in via SAML SSO after it is disabled, they will be informed that SAML SSO is disabled and will be asked to use another authorization method or to create/reset their password for a regular log in using email (if the user has not used other authorization method before).

What happens with a user on Prezi.com when their account is removed from Identity Provider (IdP)?

The user who has been removed from IdP will no longer be able to log in at Prezi.com using SAML SSO. If SAML SSO was enforced, this user will no longer be able to log in at Prezi.com at all. However, if SAML SSO was not enforced, users will be able to log in with other authorization methods.

If a user was removed from Identity Provider (IdP), will they also be removed from their team at Prezi.com?

No. Users who have been removed from IdP have to be manually removed from the team at Prezi.com.

How can I properly revoke access for a user on Prezi.com when SAML SSO is being or has been, used

  1. If SAML SSO is enabled, but not enforced – remove a user from IdP and from the team at Prezi.com (sets free seat and make sure the user cannot log in with other authorization methods).
  2. If SAML SSO was disabled  – remove the user from the team at Prezi.com.
  3. If SAML SSO is enabled and is enforced  – remove the user from IdP (revokes access) and from the team at Prezi.com (sets free seat and makes sure the user cannot log in with other authorization methods).
  4. If SAML SSO is enabled, but enforcement was turned off – remove the user from IdP (revokes access) and from the team at Prezi.com (sets free seat and makes sure the user cannot log in with other authorization methods).

Soon, Prezi will introduce “SCIM protocol”, which allows automatic changes to a user on Prezi.com when changes have been made on IdP.

Are there any transactional emails?

No, there are no transactional emails related to SAML SSO integration.

Was this article helpful?

We're here to help

Reach out to support, find answers in our community, or view tutorials in the workshop.