SSO Configuration
Single Sign-On (SSO) lets your team members authenticate using your organization's identity provider instead of a separate BreakGround password.
Supported Providers
BreakGround currently supports Google OAuth as the SSO provider. Team members sign in with their Google Workspace or personal Google accounts.
SSO is available on the PRO and ENTERPRISE plans.
Enabling Google SSO
- Navigate to Settings > Authentication.
- Toggle Enable Google SSO.
- The platform uses the pre-configured Google OAuth client. No additional setup is required on your end.
- Team members see a Sign in with Google button on the login page.
How the SSO Login Flow Works
- The user clicks Sign in with Google on the BreakGround login page.
- BreakGround redirects to Google's OAuth consent screen.
- The user authenticates with their Google account.
- Google redirects back to BreakGround with an authorization code.
- BreakGround exchanges the code for user profile information (email, name).
- If the user's email matches an invited team member, a JWT session token is issued.
- The user is redirected to the dashboard with an active session.
If the Google account email does not match any invited member, login is denied. The user must first be invited via Settings > Team.
Requiring SSO for All Members
Owners can enforce SSO as the only authentication method:
- Go to Settings > Authentication.
- Enable Require SSO for all members.
- Once enabled, email/password login is disabled for all team members except the Owner.
The Owner always retains email/password access as a recovery mechanism.
Fallback to Email/Password
When SSO is not enforced, team members can choose either login method:
- Google SSO -- Click the Google button on the login page.
- Email/Password -- Enter credentials directly.
If a member initially registered via Google SSO and later needs password access, they can use the Forgot Password flow to set a password.