×

Configure ClickUp SAML SSO

/ ClickUp / By

Configure custom SAML single sign-on for ClickUp

This guide explains how to configure a custom SAML single sign-on (SSO) integration for ClickUp so your team can sign in securely with your identity provider (IdP) instead of using email and password logins.

The steps below are based on the official configuration process and walk you through preparation, setup, field mapping, and testing.

Before you configure ClickUp SAML SSO

Before enabling SAML SSO for your workspace, make sure you have:

  • Access to a supported SAML 2.0 identity provider such as Okta, OneLogin, or Azure AD.
  • Workspace owner or admin permissions to change security and sign-in settings.
  • Basic understanding of SAML concepts like IdP, SP, entity ID, and assertion.

You should also confirm that your users have verified email addresses that match those stored in your IdP so they can be successfully matched during SAML authentication.

Gather information from your identity provider for ClickUp

Before entering anything into ClickUp, collect the SAML details from your IdP. Typically, you will need:

  • Identity Provider Single Sign-On URL (also called Login URL or SAML endpoint).
  • Identity Provider Entity ID or Issuer.
  • X.509 certificate in PEM format.
  • Information about how NameID and attributes such as email and name are sent in the SAML assertion.

Your IdP documentation will explain where to find these values. Keep them available while you configure the integration in your workspace.

Enable custom SAML SSO in ClickUp

Once you have the IdP details, you can enable custom SAML SSO in ClickUp from your workspace settings.

Step 1: Open security settings in ClickUp

  1. Sign in to your workspace using an account with admin or owner permissions.
  2. Open the settings area for your workspace.
  3. Navigate to the security or authentication section where SAML settings are located.

This is where you will configure SAML options and manage who can sign in with SSO.

Step 2: Add your IdP details to ClickUp

In the SAML configuration screen, you will be prompted to enter fields provided by your IdP. Common fields include:

  • SSO URL / Login URL: The URL where authentication requests are sent.
  • Entity ID / Issuer: Unique identifier for your IdP.
  • X.509 Certificate: The public certificate used to validate SAML assertions.

Paste the values from your IdP into the corresponding fields in your ClickUp SAML configuration. Make sure there are no extra spaces or line breaks around the certificate and URLs.

Step 3: Configure ClickUp service provider details in your IdP

Your IdP will also require information about ClickUp as a service provider. In most SAML configurations, you will add:

  • Assertion Consumer Service (ACS) URL: The URL where your IdP posts SAML assertions after users authenticate.
  • Service Provider Entity ID: The unique identifier for ClickUp as a SAML service provider.
  • RelayState or default redirect URL: Optional URL where users should land after sign-in.

Retrieve these values from the SAML settings section in your workspace and copy them into your IdP application configuration exactly as shown.

Configure ClickUp SAML attribute mapping

Attribute mapping controls how user information from your IdP is matched to accounts inside your workspace. Proper mapping is required so that users are recognized correctly when they sign in.

Required fields for ClickUp SAML mapping

At a minimum, ClickUp must receive the user’s email address from the SAML assertion. In your IdP:

  • Ensure that Email is sent as the NameID or as a specific attribute, according to the workspace configuration.
  • Confirm that the email in the assertion exactly matches the email in the user’s workspace profile.

Many organizations also map additional attributes such as first name and last name so profile information is consistent between systems.

Optional attribute mapping for ClickUp

Depending on your IdP, you may be able to send extra attributes to ClickUp, including:

  • First name
  • Last name
  • Display name
  • Department or organization details

Check your IdP documentation for instructions on adding attribute statements to SAML assertions. Then, map those attributes according to the labels supported in your workspace SAML settings.

Set SSO behavior and access policies in ClickUp

After the core SAML connection is configured, you can refine how users interact with SSO in ClickUp.

Control who must use SAML SSO

Depending on your plan and security needs, you may be able to:

  • Require all workspace members to sign in exclusively with SAML SSO.
  • Allow both SAML SSO and email/password logins.
  • Limit SSO to certain user groups if your configuration supports that level of control.

Adjust these options in the SAML or security settings area of your workspace so the sign-in experience matches your organization’s security policy.

Configure session and security options

Some workspaces choose to further secure access by:

  • Setting session timeouts or re-authentication intervals.
  • Combining SAML with other security features such as 2FA, if allowed by the configuration.
  • Managing device or IP restrictions through the IdP to centralize access control.

Review your internal security requirements and configure both the IdP and workspace settings accordingly.

Test your ClickUp SAML SSO setup

After configuration, always test SSO with a small group of users before rolling it out to everyone.

Step 1: Use a test user

  1. Create or select a user account in your IdP that matches a real user in the workspace.
  2. Log out of ClickUp in all browsers or use an incognito window.
  3. Access the SSO login URL or use the SSO button if available on the sign-in page.

Confirm that the user is redirected to the IdP for authentication and then returned to the workspace after successful sign-in.

Step 2: Validate user details and permissions

Once the test user is logged in, check:

  • That the correct email address appears in the user profile.
  • That first name and last name are accurate if you are mapping those attributes.
  • That the user has appropriate workspace permissions based on your internal policy.

If anything is incorrect, adjust attribute mapping or IdP configuration and test again.

Troubleshooting ClickUp SAML SSO issues

If something goes wrong during sign-in, review these common areas:

  • Certificate problems: Make sure the X.509 certificate in ClickUp matches the one configured in your IdP and has not expired.
  • URL mismatches: Verify that ACS URL and Entity ID values are identical in both systems.
  • Email mismatch: Confirm that the email from the SAML assertion matches the email stored for the user inside the workspace.
  • Clock skew: Some IdPs are strict about time settings. Ensure your IdP and the service are using accurate system time.

Review error messages from your IdP or SAML logs if available. These logs often indicate which field or setting is incorrect.

Resources for ClickUp SAML configuration

For a detailed reference of all supported fields and examples, refer to the official documentation used as the basis for this guide: Configure custom SAML single sign-on.

If you need expert help with implementation, optimization, or rollout planning for your workspace, you can also consult specialists at Consultevo for additional guidance.

Once everything is configured and tested, your organization can benefit from centralized identity management, simpler user onboarding, and more secure access to ClickUp via custom SAML SSO.

Need Help With ClickUp?

If you want expert help building, automating, or scaling your ClickUp workspace, work with ConsultEvo — trusted ClickUp Solution Partners.

Get Help

“`

Verified by MonsterInsights