Skip to main content

Setting up viewer authentication for your published page

Understanding SSO, SAML & JWT authentication methods

Chelsea Davis avatar
Written by Chelsea Davis
Updated yesterday

Summary

Viewer authentication controls who can see the announcements you publish on your LaunchNotes page. When you make your page private, viewers must authenticate before accessing your content. Choose the authentication method (SSO, SAML, JWT) that matches how your customers or users already manage their identity.

(ex: control who has access to view your updates page)

Understanding your options

LaunchNotes offers three authentication methods, each designed for different use cases:

  • SSO (All plans) - Quick team access using Google/Microsoft Workspace credentials. LaunchNotes handles both authentication and authorization by verifying identities through Google and Mircrosoft and checking email domains against your allowed list. Setup takes just a few minutes.

  • JWT (All plans) - Custom authentication for embedded integrations. You control authorization by deciding who receives tokens, while LaunchNotes handles authentication by verifying those tokens. Ideal when embedding LaunchNotes content in your application.

  • SAML (Premium Plans) - Enterprise-grade security where your identity provider (like Okta, Azure AD, or OneLogin) controls both authentication and authorization. Your IT team manages who can access LaunchNotes through centralized policies, compliance controls, and audit trails.

Setting up SSO

SSO allows team members to sign in with their Google or Microsoft Workspace credentials:

  1. Open your LaunchNotes workspace

  2. Navigate to Settings > Security

  3. Locate SSO and click Select SSO

  4. Click Go to authorization

  5. Click Add allowed email domain and enter your organization's domain

Important: Team members must have a Google or Microsoft account with an email domain that matches your allowed domains. Existing team members will receive an email notification when SSO is enabled.

Setting up JWT authentication

JWT authentication is ideal for embedding LaunchNotes content in your application while maintaining your own user authentication system.

Use cases for JWT

  • Embedding your LaunchNotes feed directly in your application

  • Showing personalized content based on your users' attributes

  • Maintaining a seamless user experience without requiring separate login

Configuration steps

  1. Navigate to Settings > Security > Authentication

  2. Select JWT

  3. Copy the JWT Secret that was auto-generated for you

  4. Configure your token payload with required claims:

    • sub (subject) - User identifier

    • aud - Project ID

    • iat - Timestamp when the token was created

    • exp (expiration) - Token expiration timestamp (required, sets token lifetime)

  5. Implement JWT signing in your application using the shared secret

  6. Pass the signed token when embedding LaunchNotes content

Deep dive on JWT installation:

JWT authentication for Private pages

Security best practices

  • Set reasonable expiration times (shorter is better for security)

  • Rotate your signing secret periodically

  • Validate tokens server-side before generating them

For more technical details, visit jwt.io.

Setting up SAML authentication

SAML provides enterprise-grade single sign-on through your organization's identity provider:

Why choose SAML?

  • Centralized access control - Manage all user access from your identity provider

  • Enhanced security - Enforce multi-factor authentication and conditional access policies

  • Compliance - Meet SOC 2, HIPAA, or other regulatory requirements

  • Audit trails - Track authentication events through your identity provider

  • Automatic provisioning - Add and remove user access instantly when team members join or leave

Supported identity providers

  • Okta

  • Azure Active Directory

  • Google Workspace

  • OneLogin

  • Auth0

  • Any SAML 2.0 compliant identity provider

Installation

SAML authentication is available on Premium plans. Contact [email protected] to discuss upgrading and installing.

Two-factor authentication (2FA)

LaunchNotes doesn't offer built-in two-factor authentication. However, when using SAML authentication, you can enforce 2FA and other conditional access policies through your identity provider. This gives you centralized control over authentication security requirements.

Notes & important info

  • Authentication vs. Authorization: Different methods split these responsibilities differently. SSO and SAML handle both through their respective systems. JWT splits them - you control who gets tokens (authorization), and LaunchNotes verifies those tokens (authentication).

  • Plan requirements: SSO and JWT are available on all plans. SAML requires a Premium plan.

  • Multiple authentication methods: You can enable multiple methods simultaneously. Team members can use whichever authentication method works best for them, though many organizations prefer to standardize on SAML for security and compliance reasons.

Related Articles
JWT (JSON Web Token) authentication installation instructions
Organize announcements so the right customers see your updates
Managing access to your LaunchNotes published page
Understanding authentication in LaunchNotes
Setting up admin access to LaunchNotes workspace
Did this answer your question?