
UniFi Identity Enterprise - Add Notion as an SSO App

After adding Notion as an SSO app in Identity Enterprise, you can control who has access to Notion in Identity Enterprise Manager.

Requirements

  • Your Notion Workspace must be subscribed to a Business Plan or Enterprise Plan.
  • You must be the Notion Workspace Owner and have verified at least one domain.

Add Notion to Identity Enterprise

  1. Go to your Identity Enterprise Manager > SSO Apps.
  2. Click the Add icon in the upper-right corner and select Notion.
  3. Click Add. The Sign-On URL, Issuer, and Public Certificate will be displayed. Click to download the Public Certificate. Do not close the page, as you'll need to copy and paste these values into Notion later.

Configure SSO in Notion

  1. Sign in to Notion as an admin.
  2. Go to Settings & members > Settings.
  3. Click Allow Email Domain, remove all email domains, and click Identity & provisioning.
  4. Toggle on Enable SAML SSO. The SAML SSO Configuration window will appear.
  5. Copy the Assertion Consumer Service (ACS) URL; you'll need it in the next section.
  6. In the Identity Provider Details section, select Identity Provider Metadata XML, and paste the content of the public certificate downloaded from Identity Enterprise.
  7. Click Save Changes.

Configure SSO Settings in Identity Enterprise

  1. Navigate back to the Add Notion page.
  2. (Optional) Enter the SAML default relay state. This is the destination to which users are redirected after they complete authentication at the Identity Provider (IdP).
  3. Enter your Notion Organization ID. For example, if the Assertion Consumer Service (ACS) URL you copied from Notion is https://www.notion.so/sso/saml/uime, then your Organization ID is "uime".
  4. Click Add.
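
The Organization ID in step 3 can be derived and sanity-checked before it is entered. The following is an added example, not part of the original article or of UniFi's or Notion's tooling: it extracts the ID from a pasted ACS URL and rejects values that are not HTTPS or do not point at the expected host. The host, path prefix and allowed ID characters are assumptions based on the single example URL above.

```python
import re
from urllib.parse import urlsplit

# Assumption: host and path prefix are taken from the article's example URL.
EXPECTED_HOST = "www.notion.so"
ACS_PREFIX = "/sso/saml/"
# Assumption: the ID is one path segment of letters, digits, "-" or "_".
ORG_ID_RE = re.compile(r"[A-Za-z0-9_-]+")


def notion_org_id(acs_url: str) -> str:
    """Return the Organization ID from a Notion ACS URL, or raise ValueError."""
    parts = urlsplit(acs_url.strip())
    if parts.scheme != "https":
        raise ValueError("ACS URL must use https")
    # Compare the whole hostname so lookalikes (www.notion.so.example) and
    # userinfo tricks (www.notion.so@other.example) are rejected.
    if parts.hostname != EXPECTED_HOST or parts.username or parts.password:
        raise ValueError(f"unexpected host: {parts.netloc!r}")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    if parts.query or parts.fragment:
        raise ValueError("ACS URL should not carry a query or fragment")
    if not parts.path.startswith(ACS_PREFIX):
        raise ValueError("path does not start with /sso/saml/")
    # Tolerate a trailing slash, but nothing else after the ID.
    org_id = parts.path[len(ACS_PREFIX):].rstrip("/")
    if not ORG_ID_RE.fullmatch(org_id):
        raise ValueError(f"unexpected Organization ID: {org_id!r}")
    return org_id


if __name__ == "__main__":
    # The example URL from step 3 of this article.
    print(notion_org_id("https://www.notion.so/sso/saml/uime"))
```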

Enforce SAML SSO

After setting up SAML SSO for a specific workspace, users can sign in to Notion using SAML SSO, as well as other methods like username/password and Google Authentication.

  • To require that users sign in only with SAML SSO, update the Login method to Only SAML SSO. Once this change is made, all users will be signed out and must sign back in exclusively with SAML SSO.
  • SAML SSO applies only to users with your verified domain who have access to the primary workspace or a linked workspace.
  • Guests invited to Notion pages can't sign in using SAML SSO; they must use their email and password or sign in with Google or Apple.

  • Notion Workspace Owners can bypass SAML SSO and sign in with their email and password. This ensures they can access Notion in case of an IdP/SAML failure, allowing them to disable or update the SAML configuration if needed.