Docebo does support multiple SSOs as long as you use different SSO types. For example, you can have one SAML, one OpenID, one GMail, etc all on the same instance.

It is possible to have more than one of a particular SSO type. If you need multiple SAML connections, for example, you will need Extended Enterprise.

We use this today with enterprise plan and it works well. We have several tenants on one instance who each have their own SSO connection 

Thank you!!

Hello @bryanbass and @irnlab, I read a Docebo´s documentation about multiple SSOs with Enterprise app, but in this article  doesn't mention multiple configuration with google . “ https://help.docebo.com/hc/en-us/articles/360020124899-Managing-the-Extended-Enterprise-App ” , 

My question is, if I have a Enterprise app with 5 domains, can I configure 5 SAML (with 5 different ADs) and 5 Google SSOs  (with 5 different ADs)?

Thank you for the help.

@msantos can’t comment on using Google SSO as we haven't use it but configuring custom SSO for each sub domain is certainly possible. You can also create a custom url for each if needed.

Hello All!

Hoping to clarify the above posts if you can assist:

• @bryanbass -- In your experience, can you tie each SSO type to a specific branch if using multiple SSO types without Extended Enterprise configured?  For Example, if I had a Customers branch (customers IDs should SSO from Salesforce OIDC) and an Employees branch (Employee ID’s should SSO from Azure AD SAML) but everyone logged into a single company instance of docebo (i.e. https://company.docebosaas.com/learn )?

• If you enable extended enterprise, and configure different SSO settings on each tenant, is there any setting to prevent the user from accessing the main instance URL ( https://company.docebosaas.com/learn ) even though they’re supposed to be logging in at  https://company.docebosaas.com/tenant ).  I thought it would be the Extended Enterprise setting to Enable Extended Enterprise Login Restriction,  but in my testing with a user in an Extended Enterprise Node still allowed me to authenticate to that base URL.

Thanks for anyone that can clarify!

Rob

For extended enterprise, you can certainly enable different versions of SSO for each sub domain however this cannot done at the branch level. That said, I never tried it...Perhaps if you have your SSO configured to 1 instance of Azure but have different groups in Azure that might be possible? I don't work on Azure so it’s just a guess.

It is possible to have separate SSO providers active at the same time in Docebo without Extended Enterprise as long as each SSO provider is a different type. For example, you may only have one instance each of SAML, OpenID, GMail, etc on the same instance.

To clarify, the SSO provider is not tied to any branch. Users are placed into branches based on your data loading procedures and/or just-in-time user provisioning. With multiple SSO providers on the same instance your users would be prompted to choose their SSO provider in order to log in. 

If you need a second instance of the same SSO provider type (a second SAML SSO provider, for example) Extended Enterprise would be required.