Single sign-on guide for Make.com

Leave a Comment / Make.com / By

Single sign-on guide for Make.com

This how-to guide explains how to configure single sign-on (SSO) for make.com so your organization can manage user access securely and centrally through your identity provider (IdP).

What is single sign-on in Make.com?

Single sign-on allows your users to access make.com using the same corporate credentials they use for other business apps. Instead of separate passwords, authentication is delegated to your IdP, improving security and reducing IT overhead.

On the enterprise plan, make.com supports SSO using the SAML 2.0 standard. Optional SCIM provisioning can also be enabled to automate user and group management directly from your IdP.

Requirements for Make.com SSO

Before you start, confirm that your organization meets these prerequisites.

  • An enterprise subscription that includes SAML SSO support for make.com.
  • An identity provider that supports SAML 2.0, such as Okta, Azure AD, or Google Workspace.
  • Administrator access to both your make.com organization and your IdP.
  • Optional: SCIM support in your IdP if you plan to automate provisioning.

If you need assistance assessing requirements or designing an SSO rollout, you may consider consulting a specialist such as Consultevo.

Enable SAML SSO for Make.com

The main steps to enable SAML-based SSO in make.com are:

  1. Collect SSO details from make.com.
  2. Configure a SAML app in your IdP.
  3. Enter IdP data back into make.com.
  4. Test and activate SSO for your users.

Step 1: Collect SAML data from Make.com

First, open the SSO configuration area in your make.com organization settings. There you will find the values required by your IdP, typically including:

  • Assertion Consumer Service (ACS) URL or Single Sign-On URL.
  • Audience URI (SP Entity ID) for make.com.
  • Default NameID format expected (usually an email address).

Copy these values carefully, as the SAML connection between your IdP and make.com depends on them being accurate.

Step 2: Configure the SAML app in your IdP

In your IdP admin console, create a new SAML application dedicated to make.com. Each provider has a slightly different interface, but the typical configuration includes the following fields.

Standard SAML settings for Make.com

  • App name: A recognizable name such as “Make.com SSO”.
  • Single sign-on URL / ACS URL: Paste the value provided in the make.com SSO settings.
  • Audience URI / Entity ID: Use the audience value from make.com.
  • NameID format: Commonly set to email address.
  • Application username: Typically the user’s primary email address.

Most IdPs also allow you to configure attribute statements. Map the primary email attribute in your directory to the SAML assertion so make.com can associate the incoming SAML identity with a user account.

Step 3: Provide IdP metadata to Make.com

Once the application is set up, your IdP will generate connection details that must be added to your organization settings in make.com.

Collect the following items from your IdP:

  • IdP Issuer or Entity ID.
  • SAML Single Sign-On URL (IdP login URL).
  • X.509 certificate used for signing assertions.

In the SSO configuration screen of make.com, paste these values into the corresponding fields. Verify that the certificate and URLs are formatted correctly and free of extra characters.

Step 4: Assign users and groups to Make.com

In the IdP, assign the new SAML application to the users and groups who should access make.com. Your IdP will then include them in SAML assertions when they attempt to sign in.

Typical assignment patterns include:

  • Specific security groups dedicated to automation or integration teams.
  • Department-based groups, such as IT, marketing, or operations.
  • Company-wide access if every user should be able to reach make.com.

Step 5: Test the Make.com SSO flow

Before enforcing SSO across the organization, perform controlled tests with a few pilot users.

  1. Log out of any existing make.com sessions.
  2. Initiate login via the SSO button or from the IdP’s application portal.
  3. Confirm that the user is redirected to the IdP, completes authentication, then returns to make.com.
  4. Verify that the correct make.com account opens and that no unexpected errors occur.

If issues arise, double-check:

  • All URLs and entity IDs match exactly on both sides.
  • The NameID format is correct and mapped to the right email attribute.
  • The X.509 certificate is valid and not expired.

Using SCIM with Make.com

Some enterprise customers can enable SCIM provisioning to automate user lifecycle operations for make.com. With SCIM enabled, your IdP can automatically create, update, and deactivate users and groups based on directory changes.

Typical SCIM capabilities for make.com include:

  • Automatic user creation on first assignment.
  • Profile updates when user data changes in the directory.
  • Automatic deactivation when access is removed in the IdP.

To configure SCIM, retrieve the SCIM base URL and bearer token from the appropriate section in your make.com settings, then configure them in your IdP’s provisioning tab. After a test sync succeeds, enable full provisioning.

Best practices for Make.com SSO deployments

To maintain a secure and stable SSO integration with make.com, follow these recommended practices.

Security best practices for Make.com SSO

  • Use strong, organization-wide MFA policies in your IdP rather than relying on passwords alone.
  • Rotate SAML certificates before they expire and update them in make.com.
  • Limit SSO app assignments to groups that truly need access.
  • Audit sign-in logs in your IdP and in make.com to detect unusual behavior.

User management best practices in Make.com

  • Standardize on one primary email format between the IdP and make.com.
  • Use groups in your IdP to drive role-based access and permissions in make.com where supported.
  • If SCIM is enabled, avoid manual user management to prevent conflicts.

Troubleshooting Make.com SSO issues

If users cannot sign in to make.com via SSO, review these common problem areas before escalating.

  • Mismatched identifiers: Ensure the email in the SAML assertion matches an existing user in make.com or that auto-provisioning is configured.
  • Incorrect URLs: Confirm ACS, Entity ID, and IdP login URLs are identical on both sides.
  • Certificate errors: Replace expired or malformed certificates and re-test.
  • Group assignments: Verify the user is assigned to the make.com application inside your IdP.

If problems persist, consult the official documentation at the make.com SSO help page or contact enterprise support with SAML trace logs for deeper analysis.

Next steps

With SAML and optional SCIM properly configured, your organization can control access to make.com centrally through your identity provider, simplifying user management and improving security. Continue to monitor sign-in activity, regularly review group assignments, and update your configuration whenever your identity platform or organizational structure changes.

Need Help With Make.com?

If you want expert help building, automating, or scaling your Make scenarios, work with ConsultEvo — certified workflow and automation specialists.

Get Help

Leave a Comment

Your email address will not be published. Required fields are marked *