Mindful single sign-on (SSO) FAQs

Frequently asked questions about using SSO with Mindful

This article provides answers to frequently asked questions about Mindful SSO.

Which SSO providers do you support?

We support:

  • SAML
  • OIDC

We have validated integrations with:

  • Okta
  • Auth0
  • Azure AD

Note: For complete instructions on configuring SSO with your chosen identity provider, see the Single Sign-On (SSO) Configuration Guides.

Can I have multiple Mindful organizations using SSO?

You can have multiple organizations on the Mindful platform with the same SSO provider, but any users who utilize SSO can only be associated with one organization.

Can organizations using SSO share users?

The short answer is "Not if they are using the same email address."

The same SSO integration can be used across multiple Mindful organizations, but each organization's users must have a different email domain. This means SSO user accounts cannot be shared unless the users log in using a different email address for each Mindful organization.

Can I have multiple Mindful organizations with the same SSO provider but different users?

Yes, the same SSO integration can be used across multiple organizations with different users assigned to each organization. Remember that those users must have different email domains, as they will each correspond to a specific Mindful organization.

How do I set up Business Units with Mindful SSO?

Business Units in Mindful Callback do not change when using SSO.

Note: Users must log in to Mindful at least once before they can be assigned to a Business Unit.

For more information, see the Business Units reference article.

How do I grant users access and permissions on the Mindful platform?

An SSO user must first be assigned to a group within the SSO provider that has been designated to grant access to the Mindful platform. This group is then mapped to roles within the Mindful platform. A user who is not assigned to a group that has been mapped to roles and access within the Mindful platform will have no access when attempting to log in.

Can users still log in with their current credentials?

After the initial migration to Mindful Platform Management, users can log in for the first time with their existing credentials. After their first login, they will be prompted to create a new password. For organizations with an SSO integration, those users will need to enter the email they use to log in to their SSO provider. They will be redirected to log in using their SSO credentials and redirected back after successful login.

Can I prevent users from logging in with their current credentials?

User accounts can be removed in two ways:

  • In Mindful — Navigate to Organization > User Management to manage user accounts. For more information, see User Management.

  • Through the SSO identity provider — Remove the user from any SSO group mapped to Mindful platform permissions.

What happens to my existing user setup?

All non-SSO user accounts will be migrated to the new Mindful platform just as they are. These users will receive an invitation to the new platform via email. They can then log in for the first time using their existing credentials.

Can an organization use both SSO and default email/password users at once?

Yes, if you use SSO, you can still optionally add users via the User Management page. Those users will log in to Mindful directly with their email and password.

However, when SSO is enabled, any users trying to log in to Mindful directly with an email address on the SSO domain will be forwarded to the SSO provider. For example, if getmindful.com were configured as the forwarding domain and a user tried to log in with JDoe@getmindful.com, that user would be forwarded to the SSO provider.
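
The rules in this FAQ (one organization per email domain, no access without a mapped group, and direct logins on an SSO domain being forwarded) can be checked against a planned user list before SSO is enabled. The script below is an added example, not Mindful code: the data shapes, organization names, group names, and role names are all constructed assumptions.

```python
# Added example: models the rules stated in this FAQ. Not Mindful code.
# All names, data shapes and sample values are constructed assumptions.
from collections import defaultdict

SSO_DOMAINS = {"getmindful.com": "org-a", "example.org": "org-b"}
GROUP_ROLES = {"mindful-admins": ["Admin"], "mindful-agents": ["Agent"]}
USERS = [
    {"email": "JDoe@getmindful.com", "org": "org-a", "type": "password"},
    {"email": "asmith@getmindful.com", "org": "org-a", "type": "sso",
     "groups": ["mindful-admins"]},
    {"email": "asmith@getmindful.com", "org": "org-b", "type": "sso",
     "groups": ["mindful-agents"]},
    {"email": "blee@example.org", "org": "org-b", "type": "sso",
     "groups": ["hr-all"]},
    {"email": "vendor@partner.test", "org": "org-a", "type": "password"},
]

def audit(sso_domains, group_roles, users):
    """Return sorted (email, finding) pairs for users that break a rule.

    sso_domains maps an email domain to its one organization;
    group_roles maps an identity-provider group to Mindful roles.
    """
    findings = set()
    orgs_by_email = defaultdict(set)
    for user in users:
        # Assumption: addresses are compared case-insensitively.
        email = user["email"].strip().lower()
        domain = email.rsplit("@", 1)[-1]
        orgs_by_email[email].add(user["org"])
        if user["type"] == "sso":
            # Each email domain corresponds to one specific organization.
            if sso_domains.get(domain) != user["org"]:
                findings.add((email, "domain not mapped to this organization"))
            # No group mapped to roles means no access at login.
            if not any(g in group_roles for g in user.get("groups", [])):
                findings.add((email, "no mapped group: no access"))
        elif domain in sso_domains:
            # Direct logins on an SSO domain are forwarded to the provider.
            findings.add((email, "password user on SSO domain: forwarded to SSO"))
    for email, orgs in orgs_by_email.items():
        if len(orgs) > 1:
            findings.add((email, "same email in multiple organizations"))
    return sorted(findings)

if __name__ == "__main__":
    for email, finding in audit(SSO_DOMAINS, GROUP_ROLES, USERS):
        print(f"{email}: {finding}")
```

An empty result means the planned list is consistent with the rules above; each finding names the account to fix before users attempt their first SSO login.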