Set up SSO to manage your users and account access through one portal.
Rebrandly supports Single Sign-On via SAML 2.0, so you can authenticate through your existing Identity Provider (IdP), such as Okta, Azure AD, Google Workspace, or any other SAML 2.0-compliant provider.
What you'll need:
An admin account with an identity provider (IdP)
Account Owner role on your Rebrandly subscription. Only Account Owners can configure SSO.
The list of email domains your team signs in with (e.g., johndoe.com)
And before you start, check that you're only using supported SSO features.
To set up SSO:
Setting up SSO involves adding information from your IdP to your Rebrandly settings and vice versa, so it helps to keep both open in separate tabs.
Links to popular IdP instructions
Links to popular IdP instructions
The documentation for your IdP will guide you through setting up a new application.
Microsoft Entra / Azure AD — Enterprise Applications → New application → Single sign-on: SAML — Microsoft Entra SAML docs
Okta — Applications → Create App Integration → SAML 2.0 — Okta SAML docs
Google Workspace — Apps → Web and mobile apps → Add custom SAML app — Google SAML docs
OneLogin — Applications → Add App → SAML Custom Connector — OneLogin developer docs
Step 1 — Create the Rebrandly SAML app in your IdP
Log in to your IdP admin panel and create a new SAML 2.0 application. Use the values below.
Field | Value |
Application name | Rebrandly |
Entity ID / Audience URI (Rebrandly's) | |
Single Sign-On URL / ACS URL | Leave as placeholder — generated in Step 2, pasted back in Step 3 |
SAML version | 2.0 |
Signing algorithm | RSA-SHA256 |
NameID format | Persistent / immutable — user email or unique username |
Login flow | SP-initiated |
Required attributes (SAML assertion claims)
Rebrandly needs two attributes sent in the SAML assertion:
Attribute | Claim URI |
Name | |
Copy your Metadata URL
Save the SAML application in your IdP.
Most IdPs expose a Metadata URL — a public XML endpoint that describes the app's SAML configuration. You don't need to download the file; just copy the URL and make sure it's publicly accessible.
You'll need this in Step 2.
Step 2 — Complete SSO setup in the Rebrandly dashboard
Log in to Rebrandly. You must be the account owner.
Click your profile icon.
Click Settings.
Click Authentication.
Select Set up SSO and fill in:
Integration Name — a label for this configuration (e.g.,
JohnDoe-Okta-SSO)Metadata URL — the URL you copied from your IdP in Step 1
Entity ID — your IdP's Entity ID (found in your IdP metadata XML)
Click Submit. Rebrandly generates a URL.
Copy the ACS URL.
Some Notes:
Two different Entity IDs — don't mix them up:
Your IdP's Entity ID (from your metadata XML) → goes into the Rebrandly dashboard in the field Entity ID
Rebrandly's Entity ID (
https://oauth.rebrandly.com) → goes into your IdP (you did this in Step 1)
Step 3 — Paste the ACS URL back into your IdP
Go back to your IdP.
Go to the SSO SAML app you created in Step 1.
Paste the ACS URL from Step 2 into the appropriate URL field.
Save your changes.
Different IdPs use different names for this endpoint field. Common labels include: Single Sign-On URL, Recipient URL, Destination URL, and ACS URL.
Step 4 — Add your domains, default role, and workspace
Go back to Rebrandly's SSO settings.
Click Add domain.
Enter the email domain(s) your team uses (e.g.
johndoe.com).Pick a default Role. This is the permission level automatically applied to new SSO users.
Pick a default Workspace where new users land on first login.
Click Save.
If your team uses multiple email domains, add one rule per domain.
Step 5 — Test the integration
After saving, allow up to 15 minutes for the configuration to propagate. Then test with a single user before rolling out to the whole team:
Go to the Rebrandly login page (
https://app.rebrandly.com).Enter the test user's email.
You should be redirected to your IdP and back to Rebrandly, automatically signed in.
If anything fails, check our troubleshooting guide.
What happens after setup
All users must log in at https://app.rebrandly.com.
New users signing in with SSO for the first time are created automatically with the default role and workspace you configured
Existing users on your domain will be routed through SSO on their next login.
Existing users will lose their ability to log in with an email and password after the first SSO login. From then on they must continue using SSO.
Two-factor authentication (2FA) is managed at your IdP level. Rebrandly's 2FA setting does not apply to SSO users
Removing SSO — Account Owners can disable SSO at any time from the Authentication settings.
⚠️ If you are going to remove SSO, plan an access migration (e.g., re-enabling SSO under a new configuration) before removing SSO.
After SSO is disabled, users who were signing in via SSO will no longer be able to log in. You will need to contact our support team using the chat below. We can re-enable the original email/password configuration, if you had one before.