Enforcing SSO and managing sign-in for your domain
How Fyxer makes sure everyone on your domain signs in through SSO, how this prevents duplicate or unmanaged accounts, and how to add more domains over time.
Once single sign-on is set up, Fyxer can enforce it for your email domain so your whole team signs in the same, secure way.
Domain enforcement is part of the Enterprise SSO setup and is managed by the Fyxer team.
How domain enforcement works
When SSO is enabled for your domain, Fyxer locks that domain to your organization. Anyone with an email on that domain is routed into your organization and signs in through your identity provider.
This means:
Users on your domain sign in with SSO.
They can't start a separate free trial or create their own "rogue" organization using a company email.
New colleagues land in the right place automatically.
Preventing direct Microsoft / Google sign-in
A common requirement is to stop users signing in to Fyxer directly with Microsoft or Google instead of going through your IdP. With your domain locked to SSO, those direct sign-ups are prevented for your domain — everyone is funnelled through SSO. If you have specific requirements here, let the Fyxer team know and we'll confirm the exact behaviour for your setup.
Adding more domains later
Many organizations use more than one email domain (for example, country or brand domains). You can add additional domains to your SSO configuration at any time - just send the Fyxer team the domain(s) you'd like to include and we'll add them to your setup.
What users see if they're not provisioned yet
If someone tries to sign in before they've been given access, they may not be recognized at the SSO screen. Add them through your identity provider (or via SCIM), then have them try again.
Still have questions?
Head to the chat in the bottom right of your Dashboard.