Using Multiple Domains with SSO

Multi-domain SSO support allows organizations to configure a single SSO connection that supports multiple email domains. This enables users from different approved company domains to authenticate through the same identity provider configuration.

Overview

Multi-domain SSO is designed for organizations that use more than one email domain but want to manage authentication through a single SSO configuration.

This is useful for organizations that:

• Operate across multiple domains (for example, company.com and subsidiary.com)
• Have merged business units or acquired companies
• Want to avoid maintaining separate SSO configurations for each domain

Once configured, users from any included domain can authenticate through the same SSO flow.

Requirements

• An active SSO configuration in LinearB
• Access to your identity provider (IdP)
• All domains must use the same identity provider configuration
• Domains must be entered in a valid domain format

How It Works in LinearB

• Multiple domains are associated with a single SSO configuration
• Domains are added in the Organization email domains field
• Configured domains are displayed as a list and can be removed individually
• During login, the user’s email domain is checked against the configured domains to determine whether SSO authentication is allowed
• All included domains use the same identity provider connection
• Authentication continues through the same SAML flow already configured for your organization
• Only users with email domains in the configured list can authenticate via SSO

Configuration

1. Go to Settings → Authentication → Single Sign-On.
2. Click Edit to modify your SSO configuration.
3. Verify that SAML Authentication is enabled.
4. In the Organization email domains field, enter a domain and click Add.
5. Repeat for each additional domain. Added domains appear as a list below the field and can be removed at any time.
6. Your primary organization domain may already be listed by default.
7. Configure access behavior for new users:
   • Access to all teams — Users are automatically granted access when they first log in.
   • No default access — Users must request access from an administrator.
8. (Optional) Enable SSO-only login to require users to authenticate through your identity provider.
9. Click Save to apply your changes.

Enter domains only (for example, company.com). Do not include full email addresses or the @ symbol.

Each domain must be entered as a valid domain string. No additional ownership verification is currently required.

Multi-domain support uses your existing SSO configuration. No separate SSO setup is required.

Scope

• Multi-domain SSO applies to authentication
• User provisioning behavior, including SCIM, is unchanged
• Role mapping and access control continue to follow your existing configuration

Limitations

• A maximum of 15 domains can be configured in a single SSO connection
• All domains must be managed under the same identity provider configuration
• Each domain must be explicitly added in LinearB
• Users with email domains that are not configured in SSO will not be able to log in

When to Use

• Organizations with more than one approved company email domain
• Post-merger environments consolidating authentication
• Teams that want centralized authentication management without separate SSO setups per domain

Troubleshooting

• If users cannot log in, verify that their email domain is included in Organization email domains
• Ensure each entry is a valid domain string
• Users attempting to log in with an unconfigured domain will be denied access

Related Articles

• Authentication, SSO, & SCIM - Start Here
• Setup Guide - Google Workspace (GSuite) SAML SSO
• Setup Guide - Microsoft Entra (formerly Azure AD) SAML SSO
• Setup Guide - Okta SAML SSO