Help: Getting started with single sign-on (SSO)

Looking to take some of the friction out of your workflow? Enabling Single Sign-On (SSO) for PitchBook allows your organization to use a single set of corporate credentials to log in to multiple applications efficiently and securely. There are numerous benefits of utilizing SSO, including:

• Authentication Control: In an “SSO Mandatory” configuration, individual user authentication can be controlled directly by you. This allows you to easily manage user accounts, access, and permissions.
• On-Demand Provisioning: Just-in-time (JIT) auto-provisioning allows PitchBook user accounts to be created automatically at login – taking the manual labor out of managing user access to each individual application.
• Company Credentialing: Utilizing company authentication means one less set of credentials to remember and maintain, reducing the likelihood of repeated and less secure passwords.

SSO relies on two primary contributors, Service Provider (SP) metadata and IdP (Identity Provider) metadata, to create an authenticated and secure login, to the applications you need. Both SP and IdP requests are supported by the PitchBook SSO integration and can be configured using security assertion markup language 2.0 (SAML 2.0) via your IdP provider. Examples of IDP providers include Okta, Microsoft Entra, OneLogin, etc.

To keep you connected throughout your entire PitchBook workflow, authentication via SSO is supported across our web platform, mobile application, Excel plugin, and Chrome extension.

The technical support team at PitchBook will assist in the setup and testing of your SSO integration. To initiate this request, please reach out to our Support team. Once connected with the support team, the next step is creating a custom enterprise application on your IdP. We will create a custom metadata file to provide to you. Requesting PitchBook’s SP metadata is the first step to getting started with PitchBook’s SSO integration.

Note: We strongly suggest working with your company’s IT team to assist with the implementation of SSO, as certain steps will require changes to your company’s identity provider.

After acquiring PitchBook’s SP metadata, follow the set-up and configuration steps listed below to create your custom enterprise application on your IdP provider, which will generate your IdP metadata.

The exact steps for IdP configuration will vary depending on the provider, but the following configurations must be made before testing your SSO connection with PitchBook.

• Assertion Consumer Service (ACS) URL: See provided Metadata
• SP Entity Id: See provided Metadata
• SP Entity Name: PitchBook Platform
• Assertion Signature Required: true
• Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
• Name ID: email address (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) format that returns the email address used to log into PitchBook
• Email Address attribute “email” required for configuration

If your Identity Provider supports importing Service Provider metadata via a link, you will be able to import and parse necessary PitchBook metadata from the provided URL.

Once the application is created and configured, reply to your existing PitchBook customer support ticket with your IdP metadata, which should include your login URL and signing certificate, in one of the following formats:

• Federation Metadata URL
• XML Document

You will need to provide your Identity provider metadata, including the login URL and signing certificate, to PitchBook in one of the following formats:

• Federation Metadata URL
• XML Document

Please also provide a list of all email domains that will be used for SSO.

The following is an illustrative example of the Attributes & Claims configuration for Azure Entra ID SSO with JIT Auto-Provisioning enabled.

In this section, you’ll find some frequently asked questions related to SSO. Click on the + icon next to the question to reveal the answer.