You can configure your third-party identity provider to work with Triton Digital applications for single sign on (SSO). This lets your users log in to Triton Digital applications with your organization’s credentials.
To set up SSO, you will work with your Solutions Specialist at Triton Digital.
Also see:
Once set up, your users can use your company’s SSO to sign in to these Triton Digital applications:
TAP
TAP Programmatic
TAP Explore
TAP Inventory Availability
Podcast Metrics
Webcast Metrics
Manadge for TAP
Royalty Reporter
Omny Studio. You’ll need to do some additional steps to opt-in users.
Triton Settings
Triton Streaming Console
See users with SSO
You can see which users are set up for SSO with the External login column in the Users list.
Requirements
External identity provider.
All Triton users with the configured domain or domains authenticate with your identity provider.
A domain or set of domains that you own. You cannot use a third-party domain.
Users on third-party domains cannot authenticate with SSO, so they stay with Triton’s authentication.
Supported Identity Providers
This article covers Okta and Azure Entra ID (formerly Azure AD). But any external identity provider should be compatible if it supports OpenID Connect (OIDC) or Security Assertion Markup Language (SAML), with the following caveats:
Triton doesn’t support on demand or ahead-of-time provisioning via System for Cross-domain Identity Management (SCIM), or similar.
Users are matched based on their email address domain between the external identity provider and Triton or Omny. We look for an email claim in the response in the first instance. If that isn’t provided then we fall back based on the provider definition:
Azure Entra ID: UserPrincipalName (UPN)
SAML connection:
nameIdvalue if the format isurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
Triton requires that the email returned matches one of the domains that was configured for the external identity provider. In other words, if Triton enables the external identity provider for the domain
customer1.example.comand the identity provider returns a user with an email domain ofcustomer2.example.com, then Triton rejects the authentication attempt.
Step 1: Set up Your Identity Provider
Complete the setup of the identity provider and provide the required configuration information and the domains to be configured:
Send this information to your Triton Solutions Specialist:
Provider’s SAML certificate.
Metadata URL.
Email domain or domains associated with the account.
If you are adding SSO to Omny, please inform Triton.
If you prefer to enable SSO in phases, ask your Solutions Specialist to enable SSO for “back office” applications first, such as Triton Settings and Triton Streaming Console. You can then enable SSO for the other applications later.
Please send this information securely to Triton Digital. Use a secure method such as Bitwarden Send.
Step 2: Test SSO
After Triton has received the information about your identity provider, you can test SSO.
This step does not affect your users
Your users can continue to log in normally with their Triton credentials.
The email address from your domain must have a Triton account.
In your browser, open a new private browsing window.
Follow the login process.
After entering your email address, the test UI should use your provider’s SSO login mechanism. For example, it’s possible that you will have to sign in to your company’s SSO.
You should not be prompted to enter the Triton password for your regular Triton login. If you get this regular Triton login prompt, please let us know:

Step 3: Enable SSO for Omny Studio
You can skip this step if you do not use Omny Studio.
For Omny Studio, see Enabling Single Sign-On for Your Organization.
This step does not affect your Omny Studio users
Your users can continue to log in normally with their Omny credentials.
After enabling SSO in Omny, inform your Triton Solutions Specialist that you are ready to move all your existing Omny users to SSO.
Step 4: Confirm the Configuration with Triton
With a successful setup and test, Triton will enable SSO with your identity provider for the rest of the Triton applications that you use.