SAML SSO in Whimsical
Whimsical offers SSO based on the SAML (Security Assertion Markup Language) specification for customers subscribed to Org Plan.
Supported SAML Identity Providers
Here's a list of the most popular SAML SSO providers supported by Whimsical, along with detailed setup instructions available through the provided links:
| Provider (with links to more configuration instructions) | SAML | SCIM |
|---|---|---|
| Okta | ✅ | ✅ Documentation |
| Microsoft Entra ID (formerly Azure Active Directory) | ✅ | ✅ Documentation |
| JumpCloud | ✅ | ✅ Documentation |
| Google Workspace (formerly G-Suite) | ✅ | ❌ |
| OneLogin | ✅ | Contact us |
| Ping Identity | ✅ | Contact us |
| Shibboleth | ✅ | Contact us |
| Auth0 | ✅ | Contact us |
| Other Providers | ✅ | Contact us |
SAML SSO FAQs
What happens if I update the name of my workspace?
Changing the name of your workspace does not affect SAML (or SCIM) once SAML has been set up. However, if you completely disabled SAML and then re-enabled it after renaming your workspace, the login URL would then update to reflect the new workspace name.
What happens if my organization changes its domain?
Changing your domain in the SAML SSO instance before adding the new email addresses to Whimsical can lead to your workspace members getting locked out or ending up with duplicate accounts. To avoid this from happening, all members of your workspace have to add a secondary email address with the new domain. Alternatively, feel free to get in touch with us and we’ll help you with updating the email addresses.
What happens if I change my email address?
Changing your email in the SAML SSO instance before adding the new email addresses to Whimsical can lead to getting locked out or ending up with a duplicate account. To avoid this from happening, please add your new email as a secondary email address to your existing Whimsical account.
I have to disable SAML SSO or switch to another SAML SSO provider. What should I do?
Make sure that you disable the "Require SAML to log in" option in the Whimsical SAML settings, then, it’s safe to switch off the SAML connection.
Disabling SAML shouldn't affect your workspace in a bad way, and folks will still be able to continue using Whimsical with their email and password combination. However, those who have only created their accounts via SAML will be asked to create a password the first time they try to log in after SAML is disabled.
If you set up SAML again with a different provider, you should follow the instructions for the new SAML SSO provider as if it were the first time connecting.
Can members be restricted to only logging in via SAML SSO, without using passwords?
Yes, it’s possible to enforce SAML-only authentication, which means that a user will be required to use SAML SSO before accessing the particular workspace where SAML is enforced.
What will happen to existing Whimsical accounts after SAML is enabled?
If you already have a Whimsical account created before enabling SAML, you can continue using it with both means of authentication. However, for your first login after activating SAML, you'll need to link your Whimsical account to SAML by first authenticating with your existing method in the following way:
- Log into your account with your existing authentification method.
- You'll then be prompted to log in via your SAML SSO provider.
- The email address provided by the SAML IdP will be linked to your existing account.
It's also possible to verify your domain to bypass these steps. This enables workspace members to log into an existing Whimsical account directly via SAML, without the need to first enter their existing username and password. Reach out to us if you're interested in verifying your domain.
Can I add guests to my workspace after SAML SSO is enabled?
Yes! If your workspace has SAML SSO enabled, you can still invite guests from outside your organization. However, if you want to limit access to only workspace members, that option isn't available yet. But feel free to let us know you're interested in this feature, as we're keeping track of such requests.