Authentication
Stellar supports multiple sign-in methods to fit your team's security requirements. Admins can configure which methods are available from Settings > Organization under Authentication methods. For details on managing team members and role permissions, see Team & organization management.
Sign in methodsโ
Four authentication methods are available. Admins can enable any combination, though enabling Custom SAML makes it the exclusive method and disables all others.
Email code sends a one-time code to your email address each time you sign in. No password is required; enter your email, check your inbox for the code, and you're in.
Google SSO lets you sign in with your existing Google account. If your Google Workspace enforces multi-factor authentication or other security policies, those carry over to your Stellar login.
Microsoft SSO works the same way with Azure AD and Microsoft 365 accounts. Your organization's Microsoft identity policies apply automatically.
Custom SAML enables enterprise single sign-on through identity providers like Okta, Azure AD, and OneLogin. When enabled, it replaces all other sign-in methods. Contact the Stellar team to configure SAML for your organization.
SAML SSOโ
SAML SSO is available for enterprise customers who need centralized identity management. Once configured, all authentication flows through your identity provider. Users sign in with their corporate credentials and are automatically provisioned in Stellar.
Automatic role provisioningโ
Users are created automatically on their first SAML login (just-in-time provisioning). On every subsequent login, roles sync from IdP claims so that access stays consistent with your identity provider configuration. This means role changes made in the IdP take effect the next time the user signs in.
Map roles to Stellar product scopes by adding the following claims to your SAML assertion:
| Claim | Scope |
|---|---|
stellar_voice | Voice |
stellar_email | |
stellar_analytics | Call analysis |
stellar_organization | Organization |
Each claim accepts a value of admin, editor, or viewer. Omitting an individual claim leaves that scope's role unchanged. However, at least one valid claim must be present. If your SAML assertion contains no Stellar role attributes at all, authentication will be denied.
Session managementโ
Stellar keeps you signed in through browser sessions that persist across page reloads. Sessions expire automatically after a period of inactivity, requiring you to sign in again. You can be signed in on multiple devices and browsers simultaneously.
To end your session, click your profile icon in the top-right corner and select Log out.