Trustpilot's SSO Setup - FAQ

Trustpilot's single sign-on (SSO) improves your account security by letting you use your own authentication provider to access your Trustpilot Business page. Here’s a list of the most commonly asked questions about how it works.

Take a look at how to set up SSO in this article.

What does using SSO mean?

Single sign-on (SSO) is an authentication scheme that allows users to log in with a single ID to any of several related yet independent software systems.

How is SSO different from other login methods and what are the advantages?

Without SSO, every user on Trustpilot Business requires their own email and password that is unique to Trustpilot, or they are required to log in with a Google account. With SSO, users can reuse their corporate credentials, which minimizes the chances of forgetting passwords, while increasing the security of users accessing the platform.

What can cause issues when logging in with SSO?

If your users have 2FA set up within the B2B app, this causes issues when logging in with SSO. This doesn’t refer to any 2FA you have set up with your external authentication provider (the one you use during SSO login).

What Trustpilot integrations support SSO?

You can authenticate via SSO when configuring any of our integrations. Once configured, they will work as usual.

What is an Identity Provider?

An identity provider (IdP) is a service that stores and verifies user identity. IdPs are typically cloud-hosted services and often work with single sign-on (SSO) providers to authenticate users.

What does SAML stand for and what does it do?

SAML stands for Security Assertion Markup Language. It is an umbrella standard that covers federated identity management (FIM) and SSO. SAML enables SSO for browser-based applications.

Which Identity Providers does Trustpilot support?

The solution is agnostic to Identity Provider. Trustpilot’s SSO solution, however, does not support the use of multiple identity providers per account, e.g. using both Okta and Google at the same time.

Does Trustpilot support SAML 2.0 with a generic identity provider?

Yes.

Do you use XML metadata files?

No, but we can provide the following:

Service Provider ID: saml.trustpilot

Assertion Consumer Service (ACS): https://authentication.trustpilot.com/__/auth/handler

Depending on the service you’re using to set up single sign-on, the Service Provider ID may also be called the Service Provider Entity ID, and the Assertion Consumer Service (ACS) may be called the Reply URL.
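In a SAML 2.0 response, the Service Provider ID appears as the Audience and the ACS URL as the Destination and Recipient. The following added example (not Trustpilot's code) checks a decoded response from your IdP against the two values above; the sample response, its issuer and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values published on this page.
SP_ENTITY_ID = "saml.trustpilot"
ACS_URL = "https://authentication.trustpilot.com/__/auth/handler"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(xml_text):
    """Return a list of mismatches between a decoded SAML response and the SP values."""
    root = ET.fromstring(xml_text)  # use defusedxml for XML you did not produce yourself
    problems = []
    dest = root.get("Destination")
    if dest != ACS_URL:
        problems.append(f"Destination is {dest!r}, expected the ACS URL")
    audiences = [a.text.strip() for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not contain the Service Provider ID")
    recipients = [d.get("Recipient") for d in
                  root.findall(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient {recipients} does not contain the ACS URL")
    return problems

def sample_response(audience, acs):
    """Constructed, unsigned sample response; real ones are signed by the IdP."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="{acs}">
  <saml:Issuer>https://idp.example.com/constructed</saml:Issuer>
  <saml:Assertion ID="_constructed2" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Subject>
      <saml:NameID>user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{acs}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    # An IdP app configured with the wrong Entity ID yields one audience mismatch.
    for problem in check_response(sample_response("trustpilot", ACS_URL)):
        print(problem)
```
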

Which authentication flow does Trustpilot support?

Trustpilot supports the service provider-initiated flow. On the Trustpilot authenticate page, users should select the Log in with SSO option, enter the domain name, click Log in, and authenticate with their identity provider (IdP).

Do I need to configure a relay state in my single sign-on configuration?

We don't send a relay state when Trustpilot Business initiates an authentication request, and we don't need to receive a value in your authentication response.

When logging in, are accounts automatically created ("just in time"), or do they need to be made ahead of time?

The user has to be created ahead of time in the Trustpilot user management panel.

Can I still allow email login as well as SSO?

Yes - You have the option to be SSO-only by enforcing SSO login, or to allow both SSO and email login by simply enabling SSO login. Read more about that here.

What happens to users who are logged in another way when SSO is enforced?

Instead of logging users out immediately when SSO is enforced, Trustpilot redirects all users who are logged in via email and password or Google to another domain that doesn't have SSO enforced. Users will be signed out, however, if all of their business accounts have SSO enforced and they're not logged in with SSO.

I invited a new user to one of my domains when I had SSO enforced. Now I've disabled SSO, but that same user doesn’t have a password to sign in. What can I do?

The user can set a password using the reset password flow on the Trustpilot Business login page. Check out this article, where we explain how to change or reset your password. If the user needs to change their email address associated with your account, have a look here.

How many users can I give access to via SSO?

The number of seats depends on your agreement with Trustpilot and is part of your enterprise agreement.

What do different user roles mean for users when they are logged in via SSO?

When logged in via SSO, the same three user roles can be assigned to users as described in this article.

All users will have access to personal email and notifications.

What if I leave my company? Do I have to do anything?

If you have SSO enforced then no, your corporate IdP admin will be able to disable your Trustpilot access with your corporate account. However, if you have SSO enabled (meaning SSO is optional), then your user will need to be deleted manually, to prevent traditional email and password login. Either way, it's good practice to remove users from your Trustpilot account once they leave your organization.

What data are you collecting from me and what will it be used for?

Basic user information, such as email and marketing preferences, is still stored, but users do not need to enter it again.
