Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.interchange.io/llms.txt

Use this file to discover all available pages before exploring further.

Single Sign-On (SSO) lets members of your organization authenticate with your corporate identity provider (Okta, Azure AD, Google Workspace, and others) instead of managing a separate password.
SSO is configured by an Admin on your account. If you don’t have that role, ask an admin to follow this guide.

Before you start

  • Confirm you have an Admin role on the Scope3 account where you want to enable SSO.
  • Have a member of the team with access to your identity provider’s admin console available — completing setup requires either its SAML metadata URL or XML.
  • Use a corporate email address as your Scope3 sign-in. Public domains (gmail.com, yahoo.com, etc.) are not supported.

Setting up SSO

Step 1 — Sign in to interchange.io

Sign in at interchange.io with your Admin account. Sign in to interchange.io

Step 2 — Open Account configuration on the homepage

From the homepage, find the Admin section and select Account configuration. Account configuration tile on the homepage

Step 3 — Register your company domain

Ensure your company domain has been registered and verified.
You must complete company domain registration before SSO setup unlocks. The Open setup portal button stays disabled until your registered company domain is verified.
In the Registered company domain section, enter your company domain and click Save:
  • If the domain matches your sign-in email (e.g., signed in as you@acme.com registering acme.com), it’s auto-verified immediately.
  • If it doesn’t match (or for a child account whose domain differs), the row goes to Pending Scope3 approval.
SSO blocked until company domain is verified

Step 4 — Confirm the domain is Verified

Once the domain shows the Verified chip, the SSO section unlocks and the Open setup portal button becomes clickable. Account configuration with the registered company domain verified

Step 5 — Review the Single Sign-On (SSO) section

In the Single Sign-On (SSO) section below the domain section you’ll see setup instructions and an Open setup portal button.
You’ll need a member of the team with access to your identity provider’s admin console to complete the next step.
Single Sign-On instructions on the Account configuration page

Step 6 — Follow the steps in the setup portal

Click Open setup portal. A guided portal opens in a new tab and walks you through three sub-steps.
Portal links expire 5 minutes after generation. If your link expires, return to Account configuration and click Open setup portal again to generate a new one.

6a — Select your identity provider

Pick your identity provider from the list (Okta, Azure AD, Google Workspace, and others). Select identity provider in the SSO setup portal

6b — Follow the configuration steps

Work through every step the portal presents — uploading SAML metadata, mapping attributes, and any provider-specific configuration. Configuration steps in the SSO setup portal

6c — Test Single Sign-On

Once you’ve completed every step, the final step lets you Test Single Sign-On. If the test doesn’t pass, please reach out to Scope3 for support. Test Single Sign-On step in the setup portal

Step 7 — Your team can now sign in with SSO

Once the test passes, members of your organization can sign in to interchange.io with their corporate credentials. SSO active confirmation on the Account configuration page

Updating SSO configuration

After SSO is active, you can update or replace your identity provider connection at any time by returning to Account configuration → Single Sign-On (SSO) and clicking Open setup portal again.

Next steps

Authentication

Learn about API key authentication

Management UI

Manage members, API keys, and more