Retail | Understanding Enterprise SSO at BLAZE
Enterprise Single Sign-On (SSO) at BLAZE allows large organizations to integrate their corporate identity provider (such as Microsoft Entra ID or Google Workspace) with BLAZE products. This enables centralized user management, enhanced security, and seamless access across all BLAZE applications.
Note: Enterprise SSO is available to Enterprise-tier customers. If you're on a Premium or Pro tier, see How to Sign In with Social Login instead.
What is Enterprise SSO?
Enterprise SSO connects BLAZE to your organization's identity provider. When enabled, your employees log in to BLAZE using their company credentials managed by your IT department — the same credentials they use for other corporate applications.
Key Benefits
- Centralized User Management: IT admins control user access from your identity provider (e.g., Microsoft Entra ID), not from within BLAZE
- Enhanced Security: Enforce your organization's security policies, including multi-factor authentication (MFA), password complexity, and conditional access
- Provisioning: When an employee joins your BLAZE organization, their access to all the products is granted automatically, based on their permissions
- Deprovisioning: When an employee leaves your organization, their access is automatically revoked if disabled in the IdP.
- Domain Restrictions: Limit BLAZE access to users with email addresses from your company domain
- Seamless Access: Employees log in once and access BLAZE Retail Admin, POS, and ECOM without re-authenticating
Supported Identity Providers
BLAZE Enterprise SSO supports the following identity providers:
- Microsoft Entra ID (formerly Azure Active Directory)
- Google Workspace
How Enterprise SSO Works
- Your IT administrator configures the integration between your identity provider and BLAZE
- BLAZE creates a dedicated SSO realm for your organization
- Employees navigate to the BLAZE login page and select your company's SSO option
- They're redirected to your identity provider's login page
- After authenticating, they're redirected back to BLAZE and logged in automatically
- The App Switcher allows seamless navigation between BLAZE Retail, POS, and ECOM
Prerequisites
To enable Enterprise SSO, your organization needs:
- An active BLAZE Enterprise subscription
- An active Microsoft Entra ID or Google Workspace account
- IT administrator access to your identity provider
- Domain ownership verification (for domain restrictions)
Getting Started with Enterprise SSO
Enterprise SSO setup requires coordination between your IT department and BLAZE support. To get started:
- Contact BLAZE support or your Customer Success Manager to request Enterprise SSO
- BLAZE will provide you with configuration details specific to your organization
- Your IT administrator will share the configuration for your identity provider
- BLAZE will complete the setup and test the connection
- Once enabled, your employees can log in using your company SSO
Important: Enterprise SSO setup is handled by BLAZE support in coordination with your IT team.
Common Questions
- How do domain restrictions work? Can I allow multiple domains?
- Domain restrictions are configured by the BLAZE team. Each enterprise customer has a list of allowed domains, so if your company is Acme Flower, you might have acmeflower.com and two or three other company domains allowed. Only users with email addresses matching those domains can log in through that realm. Yes, multiple domains per company are supported. Non-enterprise plans do not have access to domain restrictions.
- Can I have some users on SSO and some on password login?
- Yes. The system is designed for this. POS users who only need a PIN to operate don't need SSO at all — they can still log in with just their PIN. For back-office staff, the enterprise admin could disable password login and require SSO.
- Can I disable password login for my employees?
- Yes, but only with the enterprise tier. Disabling password login is an enterprise-only feature. When enabled, if a user tries to log in with email/password, the system would show a message like "Password login is disabled. Please use SSO."
- Do POS users with PINs need SSO?
- No. POS users authenticate with a PIN that's already inside the app. They don't need SSO and don't need a corporate email. This was designed specifically for enterprise customers that don't want to set up SSO for budtenders who come and go frequently. The PIN-based POS login continues to work independently. However, if someone needs to access Retail Admin or ECOM, they would need to go through SSO.
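The domain-restriction and login-method answers above can be read as one policy decision per login attempt. The sketch below is an added example, not BLAZE code: the `Realm` fields, the function names, and the choice of exact (not suffix) domain matching are assumptions made for illustration.

```python
# Added illustration, not BLAZE code. Realm fields and function names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Realm:
    allowed_domains: set = field(default_factory=set)  # per-customer allow list
    password_login_disabled: bool = False               # enterprise-only switch

def email_domain(email: str):
    """Return the normalized domain of an email address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    # Conservative: reject a missing "@", an empty local part, or a second "@".
    if not sep or not local or "@" in local:
        return None
    domain = domain.rstrip(".").lower()
    try:
        # Compare in ASCII (IDNA) form so Unicode lookalike letters cannot match.
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return domain or None

def decide(realm: Realm, app: str, method: str, email: str = ""):
    """Return (allowed, reason) for one login attempt against a realm."""
    if method == "pin":
        # PIN login is POS-only and needs neither SSO nor a corporate email.
        if app == "POS":
            return (True, "pin login permitted")
        return (False, "PIN login is valid for POS only")
    if method == "password":
        if realm.password_login_disabled:
            return (False, "Password login is disabled. Please use SSO.")
        return (True, "password login permitted")  # credential check still follows
    if method == "sso":
        domain = email_domain(email)
        # Assumed exact match: no suffix or substring comparison, so
        # "notacmeflower.com" and "acmeflower.com.example.net" are rejected.
        if domain is not None and domain in realm.allowed_domains:
            return (True, "sso login permitted")
        return (False, "email domain not allowed for this realm")
    return (False, "unknown login method")

# Constructed sample realm, using the example domain from the text above.
ACME = Realm(allowed_domains={"acmeflower.com"}, password_login_disabled=True)
```

Whether subdomains such as `mail.acmeflower.com` should count as a match is a configuration question to confirm with BLAZE support; the sketch treats them as separate domains.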