Configuring SSO for a team

Configuring single sign-on

Only an Enterprise team administrator (admin) can configure single sign-on (SSO) for a Postman team.

Go to Team Settings for an enterprise plan. The Team Settings screen appears as below:

sso enable

After configuring an SSO authentication for your Postman team, you can use the toggle option in Settings (as illustrated above) to turn on/off this SSO authentication. Click the orange circled button to turn on/off your SSO authentication system. This is a team-level option which will enable/disable SSO for the whole team.

To configure a new authentication method, click Add a new authentication method button.

In the ADD AUTHENTICATION METHOD modal, select the authentication type. Enter an authentication name that is easily identifiable to your team. Then click the Proceed button.

authentication method

Note: Always check with your authentication provider dashboard or your IT support staff for the correct information to complete a modal.

In the "Service Provider Details (Postman)", enter the ID for the Entity, and the URLs for the Login and ACS.

In "Identity Provider Details", enter URLs in "Identity Provider Details" and "Identity Provider Issuer". Next provide your authentication certificate from your identity provider in "X.509 Certificate".

Click the Generate relay state button to create a parameter to send with a SAML response in an IdP-initiated single sign-on.

Click the checkbox to automatically use this authentication method when the team adds new users.


You can either click the Configure Later button to complete the configuration later, or click the Save Authentication button to complete the process.

Managing user accounts

Creating end user accounts

You can create an account for a user in the Identity Provider (IdP).

The first time a new user logs in to Postman through the IdP, a Postman account is created under two conditions—the team has seats available and the "Allow Signups" box was checked during SSO configuration.

The user will be automatically associated to the team with a user role and have access to team resources.

Existing user account

If a Postman user logs in to Postman through a team's IdP, the user will be automatically added to the team if one of the following is true:

  • The team has available slots and "Allow Signups" is enabled.
  • An admin has invited the user to join the team.
Removing team access

An admin must remove users from their Postman team to prevent access to shared resources.