Enable Single Sign-On (SSO) for an Organization


You need to subscribe to Katalon TestOps Enterprise plan. To request a trial of Katalon TestOps Enterprise, see TestOps Trial Plans.

Configure Single Sign-On


  • You must be an Owner or Admin of an Organization.

  • You have configured a Subdomain. See Configure a Subdomain for an Organization.

  • You have configured Identity Provider. Your metadata is then automatically encrypted in Katalon's database.

As an Owner or Admin, you can configure SSO by following these steps:

  1. Sign in to Katalon TestOps.

  2. Go to Settings > Organization Management.

  3. Select Settings on the left bar, and scroll down to the Single Sign-On (SSO) Settings section.

  4. Switch Enable SSO to Active.

    SSO enabled input metadata

    You then can enter your Metadata.

  5. Click Update.

Enable SSO for new members and existing members

After configuring SSO, you can enable SSO for new members when inviting them to your Organization.

You can also enable SSO for the existing members of your Organization.

For a new User

To enable SSO for a new member, follow these steps:

  1. Invite a User to your Organization. See TestOps User Management.


    The Login Settings section appears on the Invite User page once you have configured SSO.

  2. Select Enable SSO in the Login Settings section, then click Invite.

    enable SSO in Invite user page

    An invitation is then sent to the User.

For an existing User

To enable SSO for an existing member, follow these steps:

  1. Go to Settings > User Management.

    The Manage Users page appears.

  2. Edit a User's account by clicking on the Pencil icon.

    The User's detail page appears.

  3. Select Enable SSO as a login option.

    enable sso pending request sent box

    A request to enable SSO is then sent to the existing User.


  • The action is pending until new members accept the invitations and existing members accept the requests.

View and manage User Authentication

View pending SSO requests

As an Owner or Admin, you can view the pending invitations and SSO requests on the Manage Users page.

pending SSO invitations

You can withdraw an invitation and request by clicking on the Trash bin icon. After confirming your action, the member will no longer be able to access the URLs.

pending SSO delete box

Update authentication methods

There are two login options: Enable SSO and Access Katalon TestOps with username & password.

You can always switch back to Access Katalon TestOps with username & password to change the authentication method.

To update the authentication method for Users, go to the User's detail page and update the login option.

Activate SSO in Katalon Studio

After configuring SSO in Katalon TestOps, you must reactivate Katalon Studio to enable SSO.

Follow these steps:

  1. Open Katalon Studio.

  2. Click on the Profile icon at the top right corner, and select Deactivate.

    The Katalon Studio Activation box appears as below.

    ks activation box
  3. Fill in the required information.

    • Server URL: enter the Subdomain you have configured (e.g., https://techwrite.katalon.io).

    • Email: enter your registered Katalon account.

    • Password: enter an API key generated in Katalon TestOps. See: API Keys.

Enable SSO as a User

If you are not an Owner or Admin of an Organization, you will receive the invitation or SSO request via email.

As a new User, accept the invitation to join the Organization first. See: TestOps User Management.

As an existing User, follow these steps:

  1. Go to your email and find the [Katalon TestOps] Verify Single Sign-On (SSO) authentication email, then click Click here to confirm in the email.

    You will be directed to Katalon TestOps and see the below message.

    user accept sso


    If you are a new User, you must accept the invitation to join an Organization first. Then you will receive the authentication email.

  2. Check the information, then click Allow this account to access Organization [...] via SSO to confirm.

    After accepting the SSO request, you are automatically navigated to the Subdomain.

    subdomain sign in using SSO
  3. Click Sign in using SSO.