Yes. Dapple supports Single Sign-On (SSO) on the Pro plan and above, using OpenID Connect (OIDC). This lets your team sign in to Dapple with your existing identity provider — Okta, Microsoft Entra ID, Google Workspace, Auth0, or any other OIDC provider — instead of a separate Dapple password. An organisation administrator sets it up once in Organisation Settings → Security → Single Sign-On, and you can enforce it so it becomes the only way members sign in.
What is SSO in Dapple?
SSO lets your team sign in to Dapple using the same credentials they already use for their other work apps. Instead of typing a Dapple-specific password, someone enters their work email, and Dapple redirects them to your identity provider to log in. Once your provider confirms who they are, they land back in Dapple already signed in.
Why use SSO instead of standard sign-in?
SSO shifts authentication to your identity provider, which gives you central control over access:
Standard sign-in | SSO |
Each person has a separate Dapple password or magic link | People sign in with credentials they already use for other work apps |
Access is removed by deleting the person in Dapple | Access can be controlled centrally from your identity provider |
No enforcement — Google, Microsoft, Apple, or email sign-in are all available | Can be enforced so your identity provider is the only way in |
Fewer passwords for your team to manage or forget.
Faster onboarding — new starters get access as soon as they're added to your identity provider.
Centralised offboarding — your IT team already has a process for removing leavers from the identity provider.
Consistent security policies (MFA, password rules, session limits) enforced by your provider, not by Dapple.
Which identity providers does Dapple support?
Dapple supports any identity provider that implements OpenID Connect (OIDC). Common providers include:
Okta
Microsoft Entra ID
Google Workspace
Auth0
Other OIDC providers, such as Ping Identity, OneLogin, or JumpCloud
What do I need to turn on SSO?
The Pro plan or above, and the Manage permission on your organisation.
Admin access to your identity provider, to register Dapple as an application and get a Client ID and Client Secret.
Access to your DNS provider, to verify the email domain(s) SSO should apply to.
How do I set up SSO?
Setting up SSO takes three steps: register Dapple as an application with your identity provider, enter its issuer URL and credentials in Dapple, then verify the email domains SSO should apply to. For the full walkthrough, including provider-specific pointers for Okta, Entra ID, Google Workspace, and Auth0, see
Best practice
Confirm SSO works end-to-end — sign in yourself in a private/incognito window — before enforcing it for everyone.
Verify every email domain your organisation uses, not just your primary one.
Remove leavers from your identity provider as well as from Dapple — removing them only from Dapple doesn't stop them signing back in via SSO.
Keep a non-SSO admin account or process in mind in case your identity provider is ever unavailable.
Where to go next
