Skip to main content
Single Sign-On (SSO) lets your users sign in to Pickcel using your organization’s identity provider, such as Okta or Amazon Cognito. This helps simplify access and centralize authentication for your team.
SSO is not enabled by default. To enable SSO for your account, contact your Pickcel sales representative or email contact@pickcel.com.

Before you begin

Prerequisites

  • Your Pickcel account has been created and onboarding is complete
  • SSO has been enabled for your account by the Pickcel team
  • You have your identity provider details ready
  • You have chosen a Tenant ID for your organization
Pickcel supports three authentication methods:
MethodDescription
SAMLSecurity Assertion Markup Language - XML-based standard
OIDCOpenID Connect - OAuth 2.0-based identity layer
JWTJSON Web Token - Compact token format
Choose the method recommended by your IT team and supported by your identity provider.
Your Tenant ID:
  • Must be unique across all Pickcel accounts
  • Cannot contain spaces
  • Should not exceed 40 characters
You may also see Tenant ID referred to as a tenant key in some documentation.

Request SSO enablement

SSO must first be enabled by Pickcel before you can configure it.
1

Complete onboarding

Ensure your Pickcel account setup and onboarding are complete.
2

Contact Pickcel

Reach out to your Pickcel sales representative or email contact@pickcel.com to request SSO enablement.
3

Wait for confirmation

The Pickcel team will confirm when SSO has been enabled for your account.
4

Sign back in

Log out of Pickcel and sign back in. The Set Up SSO option will now appear in your account settings.

Configure SSO in Pickcel

1

Open SSO settings

Sign in to Pickcel, click your profile icon in the top-right corner, select Settings, then click Set Up SSO.
2

Enter your SSO details

Fill in the required fields:
FieldDescription
Tenant IDA unique identifier your users will enter when signing in with SSO
Provider NameA friendly name for your identity provider (e.g., Okta, Cognito)
Auth TypeSelect SAML, OIDC, or JWT
Click Proceed when ready.
3

Complete identity provider setup

After clicking Proceed, complete the remaining configuration in your identity provider using the values shown on screen.
Only one SSO integration can be enabled per Pickcel account. You cannot enable multiple auth types simultaneously.

Identity provider configuration

When configuring SAML, you will need to:
  • Copy Pickcel’s redirect URL to your identity provider
  • Configure audience or entity ID settings
  • Upload or exchange metadata/XML between Pickcel and your IdP
Your IT administrator should complete this setup using the values displayed in the Pickcel configuration screen.

Sign in with SSO

Once SSO is configured, users can sign in using their organizational credentials.
1

Go to Pickcel sign-in page

Open console.pickcel.com in your browser.
2

Click Login with SSO

On the sign-in page, click Login with SSO.
3

Enter your Tenant ID

Enter the Tenant ID configured by your organization.
4

Authenticate with your IdP

You’ll be redirected to your organization’s identity provider. Sign in with your work credentials.
5

Access Pickcel

After successful authentication, you’ll be redirected back to Pickcel.

After first SSO login

After a user signs in with SSO for the first time, your Pickcel admin may need to:
  • Assign appropriate roles
  • Configure permissions
  • Allocate resources
Sub-user limits still apply based on your license.

Important information

Once SSO is enabled, the Change Password and MFA options are hidden in Pickcel because authentication is managed by your identity provider.
  • SSO is not enabled by default and must be requested through Pickcel
  • Your account must be created and onboarding completed before SSO setup
  • You must log out and log back in after Pickcel enables SSO to see the setup option
  • Only one SSO integration can be active per account
  • Only one auth type can be enabled at a time
  • Must be unique
  • Cannot contain spaces
  • Should not exceed 40 characters

FAQ

Yes. SSO must first be enabled for your account by the Pickcel team before you can configure it.
Navigate to: Profile iconSettingsSet Up SSO
Choose the auth type used by your organization’s identity provider and recommended by your IT team. Available options are:
  • SAML - Most common for enterprise SSO
  • OIDC - Modern OAuth 2.0-based approach
  • JWT - Token-based authentication
No. Only one SSO method can be enabled at a time per Pickcel account.
When SSO is enabled, authentication is handled entirely by your identity provider. Because of this, password management and MFA options are hidden in Pickcel—these are now managed through your IdP.
Yes. Pickcel admins can still assign roles, permissions, and resources to users after they sign in through SSO.

Need help?

If you need assistance enabling or configuring SSO, contact your Pickcel sales representative or email contact@pickcel.com.