Display.dev supports several authentication paths. Every organization has email OTP enabled by default; SSO (Google + Microsoft) is opt-in per organization on the Pro plan and above. SAML is available to Enterprise organizations.
Email OTP
OTP is the default path for any user whose email isn't routed to an enabled SSO provider:
- Enter your email.
- Display.dev sends a 6-digit code to that address.
- Enter the code; you are signed in.
The same flow works for the CLI (dsp login) and the dashboard. Once your organization enables Google or Microsoft SSO for a verified domain, sign-ins from that domain are routed through the SSO provider instead of OTP.
Google Workspace SSO
To enable Google Workspace SSO for your organization:
- From the dashboard, open Settings → Authentication → Google.
- Confirm the verified domain you want to gate. Only members with email addresses at that domain can use the SSO flow.
- Click "Enable Google SSO".
Once enabled, future sign-ins from @yourcompany.com addresses are routed through Google's OAuth flow. Existing OTP sessions stay active until they expire.
Microsoft Entra ID SSO
The Microsoft Entra ID flow needs your Entra Directory ID (some Azure portal screens label the same value as "Tenant ID"). To find it:
- Open the Azure portal.
- Navigate to Microsoft Entra ID.
- The Directory ID is shown on the overview page.
In Display.dev, open Settings → Authentication → Microsoft and paste the Directory ID. Display.dev validates the directory against Microsoft, then enables the SSO flow for any address whose Entra directory matches.
SAML (Enterprise)
SAML SSO is available on the Enterprise plan only and is configured by Display.dev support during onboarding. If your organization needs SAML, contact sales — the integration covers identity-provider metadata exchange, group / role mapping, and just-in-time provisioning.
Account linking
If a user has an OTP session and then signs in via SSO with the same email, both credentials link to the same Display.dev user. Subsequent sign-ins through either path land in the same organization and history.
If two different SSO providers are enabled for the same domain (rare; usually a misconfiguration during migration), the most recently enabled provider takes precedence.
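The routing rules described above (OTP by default, SSO for a verified domain, and the most recently enabled provider winning when two overlap), modelled as an added example that is not Display.dev's own code. The `SsoBinding` record, the function names, the sample dates, and the exact, case-insensitive domain comparison are assumptions made for illustration; `audit_overlaps` shows how an administrator could spot the overlapping-provider misconfiguration.

```python
# Added illustration: models the documented routing rules; not Display.dev code.
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class SsoBinding:
    """Hypothetical record: one SSO provider enabled for one verified domain."""
    provider: str         # "google" or "microsoft"
    domain: str           # verified domain, e.g. "yourcompany.com"
    enabled_at: datetime  # when an admin enabled the provider


def email_domain(email: str) -> Optional[str]:
    """Return the lower-cased domain, or None for a malformed address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local or " " in email.strip():
        return None
    return domain.lower()


def route_sign_in(email: str, bindings: list) -> str:
    """Pick the sign-in path: an SSO provider name, or "otp" as the default."""
    domain = email_domain(email)
    if domain is None:
        raise ValueError("malformed email address")
    # Assumption: exact domain match only; subdomains do not inherit SSO.
    matches = [b for b in bindings if b.domain.lower() == domain]
    if not matches:
        return "otp"
    # Two providers on one domain: the most recently enabled one wins.
    return max(matches, key=lambda b: b.enabled_at).provider


def audit_overlaps(bindings: list) -> dict:
    """List domains with more than one provider enabled (likely misconfiguration)."""
    by_domain: dict = {}
    for b in bindings:
        by_domain.setdefault(b.domain.lower(), set()).add(b.provider)
    return {d: sorted(p) for d, p in by_domain.items() if len(p) > 1}


# Constructed sample data: a migration that left both providers enabled.
BINDINGS = [
    SsoBinding("google", "yourcompany.com", datetime(2024, 1, 10)),
    SsoBinding("microsoft", "yourcompany.com", datetime(2024, 6, 2)),
    SsoBinding("google", "example.org", datetime(2024, 3, 5)),
]
```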