Documentation Index

Fetch the complete documentation index at: https://help.tritondigital.com/llms.txt

Use this file to discover all available pages before exploring further.

Set up Single Sign On (SSO)

Prev Next

You can configure your third-party identity provider to work with Triton Digital applications for single sign on (SSO). This lets your users log in to Triton Digital applications with your organization’s credentials.

To set up SSO, you will work with your Solutions Specialist at Triton Digital.

Also see:

Once set up, your users can use your company’s SSO to sign in to these Triton Digital applications:

  • TAP

  • TAP Programmatic

  • TAP Explore

  • TAP Inventory Availability

  • Podcast Metrics

  • Webcast Metrics

  • Manadge for TAP

  • Royalty Reporter

  • Omny Studio. You’ll need to do some additional steps to opt-in users.

  • Triton Settings

  • Triton Streaming Console

See users with SSO

You can see which users are set up for SSO with the External login column in the Users list.

Requirements

  • External identity provider.

  • All Triton users with the configured domain or domains authenticate with your identity provider.

  • A domain or set of domains that you own. You cannot use a third-party domain.

  • Users on third-party domains cannot authenticate with SSO, so they stay with Triton’s authentication.

Supported Identity Providers

This article covers Okta and Azure Entra ID (formerly Azure AD). But any external identity provider should be compatible if it supports OpenID Connect (OIDC) or Security Assertion Markup Language (SAML), with the following caveats:

  • Triton doesn’t support on demand or ahead-of-time provisioning via System for Cross-domain Identity Management (SCIM), or similar.

  • Users are matched based on their email address domain between the external identity provider and Triton or Omny. We look for an email claim in the response in the first instance. If that isn’t provided then we fall back based on the provider definition:

    • Azure Entra ID: UserPrincipalName (UPN)

    • SAML connection: nameId value if the format is urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

  • Triton requires that the email returned matches one of the domains that was configured for the external identity provider. In other words, if Triton enables the external identity provider for the domain customer1.example.com and the identity provider returns a user with an email domain of customer2.example.com, then Triton rejects the authentication attempt.

Step 1: Set up Your Identity Provider

Complete the setup of the identity provider and provide the required configuration information and the domains to be configured:

Send this information to your Triton Solutions Specialist:

  • Provider’s SAML certificate.

  • Metadata URL.

  • Email domain or domains associated with the account.

  • If you are adding SSO to Omny, please inform Triton.

If you prefer to enable SSO in phases, ask your Solutions Specialist to enable SSO for “back office” applications first, such as Triton Settings and Triton Streaming Console. You can then enable SSO for the other applications later.

Please send this information securely to Triton Digital. Use a secure method such as Bitwarden Send.

Step 2: Test SSO

After Triton has received the information about your identity provider, you can test SSO.

This step does not affect your users

Your users can continue to log in normally with their Triton credentials.

The email address from your domain must have a Triton account.

  1. In your browser, open a new private browsing window.

  2. Go to https://token.tritondigital.com/.

  3. Follow the login process.

  4. After entering your email address, the test UI should use your provider’s SSO login mechanism. For example, it’s possible that you will have to sign in to your company’s SSO.

You should not be prompted to enter the Triton password for your regular Triton login. If you get this regular Triton login prompt, please let us know:

Screenshot of the Triton password prompt, which you should not see when testing SSO.

Step 3: Enable SSO for Omny Studio

You can skip this step if you do not use Omny Studio.

For Omny Studio, see Enabling Single Sign-On for Your Organization.

This step does not affect your Omny Studio users

Your users can continue to log in normally with their Omny credentials.

After enabling SSO in Omny, inform your Triton Solutions Specialist that you are ready to move all your existing Omny users to SSO.  

Step 4: Confirm the Configuration with Triton

With a successful setup and test, Triton will enable SSO with your identity provider for the rest of the Triton applications that you use.

© 2026 Triton Digital. All rights reserved.