Introduction to Bionic
      Back to home
      1. Help Center
      2. Bionic for Agencies
      3. Introduction to Bionic

      Log in with Single Sign-On

      Here’s How to Log in to Bionic for Agencies Using your Company’s Identity Provider.

      Bionic supports Single Sign-On (SSO), allowing you to log in with your company credentials instead of managing a separate username and password. This improves security, reduces password fatigue, and gives your IT team centralized control over user access.

      If your organization has SSO enabled, you’ll be able to use the Use Single Sign-On option on the Bionic login page.

      Screenshot of Bionic's log in page.

      In this article, we’ll cover:

      1. See the Supported Identity Providers

      2. Get Set Up for SSO

      3. Log In with SSO

      4. Frequently Asked Questions (FAQ)

      NOTE: Your SSO login email must match your Bionic user email exactly. Bionic does not currently support automatic user provisioning through SSO. If the email you use to authenticate through your identity provider doesn’t match your existing Bionic user account, you won’t be able to log in.

      It’s common for companies to have multiple variants of employee email addresses (e.g., jsmith@company.com, john.smith@company.com, jsmith@subsidiary.company.com).

      Make sure you use the exact email address assigned to your Bionic user.


      See the Supported Identity Providers

      Bionic supports a wide range of identity providers through our SSO integration. The following IdPs are supported:

      • ADP OpenID Connect

      • Auth0 SAML

      • CAS SAML

      • ClassLink SAML

      • Cloudflare SAML

      • CyberArk SAML

      • Duo SAML

      • Entra ID (Azure AD)

      • Entra ID OpenID Connect

      • Google OpenID Connect

      • Google SAML

      • JumpCloud SAML

      • Keycloak SAML

      • LastPass SAML

      • Login.gov OpenID Connect

      • Microsoft AD FS

      • miniOrange SAML

      • NetIQ SAML

      • Okta

      • Okta OpenID Connect

      • OneLogin

      • Oracle

      • PingFederate

      • PingOne

      • Rippling

      • Salesforce

      • Shibboleth

      • Shibboleth Generic SAML

      • SimpleSAMLphp SAML

      • VMware Workspace One


      Get Set Up for SSO

      To enable SSO for your organization, your IT administrator will need to configure the connection with Bionic.

      1. Your Org Admin or IT or Security team in Bionic will provide your company’s domain to Bionic Support.

      2. Bionic Support will walk your IT team through connecting your identity provider.

      3. Once set up, all users in your domain can use SSO to access Bionic.

      Note: If your organization requires SSO-only login, Bionic can configure this setting so users cannot log in with username and password.

      Below are sample screenshots showing what your IT team may see during setup:

      IT/Security admin config screen 

       

      Sample of step by step instructions. NOTE: This is a screenshot for Okta (other provides may look different).

       

      Sample completed and activated connection screen:

       

      Successful configuration screen: 

      Example of user screen:


       

      NOTE: Bionic does not currently support automated user provisioning through SSO. All users must already exist in Bionic with an exact email match to their identity provider account. If a user is missing, an admin must add them manually before they can log in with SSO.

       


      Log In with SSO

      Once your organization is enabled for SSO:

      1. Go to the Bionic login page.

      2. Enter your company email address.

      3. Click Use Single Sign-On.

      4. Bionic will check your domain and route you to your company’s identity provider (e.g., Okta, Azure AD, Google).

        1. If you’re already logged into your identity provider in this browser session, you’ll be logged into Bionic automatically.

        2. If you’re not logged in yet, you’ll be prompted to authenticate with your company credentials (your organization may also require MFA).

      5. Once authentication is confirmed by your identity provider, you’ll be logged directly into Bionic. 

      Tip: You can also launch Bionic directly from your IdP’s application dashboard (e.g., Okta or Microsoft Entra portal) if your IT team has enabled that option.

      SSO availability and pricing may vary based on your organization’s setup. If you're interested in enabling SSO for your organization please reach out to Bionic Customer Support or your CSM to discuss.

      Frequently Asked Questions (FAQ)

      What is Single Sign-On (SSO)?

      Single Sign-On (SSO) is an authentication method that allows users to log in once through a central identity provider (IdP) and then access multiple applications, including Bionic, without needing separate passwords. 

      Which Identity Providers (IdPs) does Bionic support?

      Bionic supports all major IdPs, including Microsoft Entra ID (Azure AD), Okta, Google Workspace, Ping Identity, OneLogin, Auth0, Duo, CyberArk, Salesforce, Oracle, VMware Workspace ONE, ADFS, and more. If your provider supports SAML 2.0 or OpenID Connect, it will work with Bionic. For a complete list, See the Supported Identity Providers.

      How do I enable SSO for my organization in Bionic?

      To enable SSO, an administrator must contact Bionic Support with your company’s email domain(s). Our team will work with your IT department to configure the IdP connection. Once completed, users with matching email accounts in Bionic can log in using SSO. For details, see Get Set Up for SSO.

      Can SSO be enforced so users can’t log in with a password?

      Yes. Once your organization’s SSO is configured and tested, Bionic can enforce SSO-only login for all users. This increases security by requiring everyone to authenticate through your IdP.

      Does Bionic support automatic user provisioning (SCIM)?

      Not at this time. Each user must already have a Bionic account with an email address that exactly matches their IdP credentials. If the account does not exist, the user will not be able to log in via SSO.

      What happens if a user’s email changes?

      If a user’s email address changes in your IdP, their Bionic account must be updated to match the new email. Otherwise, SSO login will fail. Your Bionic Org Admin can update the email address in Bionic.

      What happens when an employee leaves the company?

      Once the user is deactivated in your IdP, they will no longer be able to log in to Bionic via SSO. To fully remove their access, also disable or remove their account inside Bionic.

      Can users still log in with a Bionic password if SSO is enabled?

      By default, users can choose either method. However, your organization may request to enforce SSO-only login for all users, ensuring they must authenticate through your IdP.

      Does SSO work with multi-factor authentication (MFA)?

      Yes. If your IdP enforces MFA, those same policies will apply to Bionic logins. Bionic defers all MFA requirements to your identity provider.

      Is SSO available to all Bionic customers?

      SSO is available to organizations on eligible plans. Availability may vary based on your contract. Please reach out to your Customer Success Manager or Bionic Support for details.

      Can I log in to Bionic directly from my IdP’s app portal?

      Yes. Once SSO is configured, your IT team can add Bionic as an app in your IdP’s portal (e.g., Okta dashboard, Microsoft Entra MyApps). Users can click the Bionic app tile to launch directly into Bionic without visiting the login page.