Rewind supports single sign-on (SSO) for improved access control and security for your Rewind account. Rewind uses Security Assertion Markup Language (SAML), which is an SSO login method offering more secure authentication (with a better user experience) than usernames and passwords. Rewind will support SAML-based identity providers (IdPs) such as Okta, OneLogin, Auth0, and more. Please check your identity providers’ websites to see if they support SAML .
To set up SSO for your Rewind account, please get in touch with help@rewind.com.
SSO FAQ
Which Rewind solutions support SSO?
Rewind Backups for Jira and Rewind Backups for Confluence support single sign-on (SSO).
Which version of SAML does Rewind support?
Rewind supports SAML 2.0.
Do you support automatic user provisioning?
Rewind supports “just in time” user provisioning. New users who authenticate using your IdP are automatically created in Rewind and associated with your organization as admins.
What permissions do SSO users have?
Currently, SSO users are admins at the organization level. We do not yet support read-only users or the ability to restrict access for SSO users to certain services (i.e., Jira, Confluence).
Can SSO users reset their password?
No, SSO users will be redirected to the SSO login page: https://app.rewind.com/users/sign_in (click on Sign in with SSO instead) when attempting to reset their password. This is based on the email domain.
What if the user already exists in Rewind?
The first time the user logs in with SSO, the system will detect that they already have an email/password set up, and they will be asked to confirm their password on that account to complete the link. When they log in with SSO in the future, they won't be prompted for their password again.
Once the user logs in with SSO, they cannot reset their password through the normal process and will be redirected to log in with SSO instead.
Do you support automatic user provisioning or de-provisioning?
No, we currently do not support SCIM (System for Cross-domain Identity Management). Access needs to be controlled within your IdP.
Can I still invite users using the traditional invite mechanism?
No, once an organization is set up with SSO, the user management needs to be done within your IdP.