Most of the work in setting up SSO happens in your identity provider, where your IT team already configures dozens of other apps. LeasePilot's part is short: a single form your IT admin fills out, the same shape regardless of which IdP you run. From start to working sign-in is usually one working session, not a multi-week rollout.
01How it works
- i.We send a setup link to your IT admin during onboarding, or whenever your firm decides to switch SSO on. The link opens a form preconfigured for your account.
- ii.Your IT admin fills the form with connection details from your identity provider — metadata URL, certificate, claim mappings, the usual. The form looks the same whether you run Okta, Azure AD, Google Workspace, OneLogin, or something else.
- iii.They finish in the IdP. Your IT team assigns users or groups to the LeasePilot application and tests sign-in once. Anyone in the assigned group sees the SSO path the next time they sign in.
The reason that form is consistent across providers is that LeasePilot uses WorkOS as its SSO layer. If your IT admin has already wired up another tool through WorkOS, the LeasePilot form will look familiar: same fields, same flow.
02When something needs to change
If your IdP changes, your group assignments shift, or you migrate from one provider to another (Okta to Azure AD, for example), tell your implementation team. We re-send the setup link, your IT admin updates the form, and the new provider takes over without users having to relearn anything.
NoteWhen SSO is on, LeasePilot passwords stop mattering for those users. Anyone signing in through your IdP authenticates there every time, so password resets, rotation policies, and shared-password worries belong to your provider rather than to LeasePilot. That's the point.
Once SSO is live, the sign-in flow detects it from the email a user enters and routes them to your IdP automatically. Users who want a second factor on top can still turn 2FA on from their account.