SSO in Precog

Overview

Single Sign-On (SSO) is an authentication method that allows users to log in to the application using the same credentials they already use for other business systems — such as Okta, Azure AD, or Google Workspace.

It's important to note that SSO applies only to signing in to Precog, not to the authentication methods used to connect your data sources (like Salesforce, Shopify, or Snowflake) or destinations. Those connections each require their own authentication credentials, which are separate from your user login.

SSO is an optional feature for organizations that want centralized identity management and a seamless, secure login experience for their Precog users.

Why It Matters

SSO simplifies how your users access Precog while improving security and compliance.

Centralized login: Your users sign in to Precog with the same company credentials they use elsewhere.

Stronger control: Authentication and password policies are enforced by your identity provider (IdP), not by Precog.

Fewer passwords: Users don't need to remember a separate Precog password.

Simplified management: IT teams can grant or revoke Precog access directly from the company's directory system.

This unified approach makes authentication consistent across your enterprise applications, without affecting how data connections inside Precog are managed.

How It Works Conceptually

When SSO is enabled, Precog delegates user login authentication to your organization's identity provider. The IdP becomes the single source of truth for who can access the Precog UI.

Here's what happens conceptually when a user signs in:

  1. The user goes to the Precog login page.

  2. Precog redirects the login request to your organization's identity provider (e.g., Okta, Azure AD).

  3. The IdP verifies the user's credentials based on your company's security policies (like MFA).

  4. Once verified, the IdP sends a secure confirmation back to Precog.

  5. Precog grants access — no separate password is required or stored by Precog.

Precog uses Auth0 to securely handle this exchange. In this setup, Auth0 acts as the Service Provider (SP), and your organization's identity system (e.g., Okta or Azure AD) acts as the Identity Provider (IdP).

When to Use SSO

SSO is most valuable for organizations that:

  • Want to manage Precog user access through their existing identity platform.

  • Require centralized authentication policies (MFA, password rules, session timeouts).

  • Operate in regulated environments with compliance requirements like SOC 2, ISO 27001, or GDPR.

  • Need to simplify onboarding and offboarding by linking Precog access to internal user directories.

For smaller teams or limited-use environments, standard Precog logins may be sufficient. For enterprise setups, SSO provides stronger security and easier administration.

Practical Insight

SSO changes how your team logs in to Precog, not how Precog connects to external data systems. Connections to sources and destinations — such as Salesforce, BigQuery, or Snowflake — each use their own authentication methods (OAuth, API keys, service accounts, etc.).

SSO ensures that only authorized employees can open and manage those connections inside Precog, while the individual integrations still use their own secure credentials to move data.

By separating user access control (SSO) from data connection authentication, Precog provides both enterprise-level identity management and secure, independent data connectivity.