Overview
There are four configuration areas, each accessible via a Configure button:- Domain Verification — prove you own your company domain
- Single Sign-On (SSO) — let crew sign in with your identity provider
- Directory Sync — automatically create and deactivate users
- Certificate Renewal — manage SAML certificates
Clicking Configure generates a link to the WorkOS Admin Portal and opens it in a new tab. Portal links expire after 5 minutes for security — if it expires, go back and click Configure again.
Domain Verification
Domain verification proves that your organization owns its email domain (e.g., yourcompany.com). This is required before you can set up SSO or directory sync.How to set it up
- Click Configure next to Domain Verification.
- The WorkOS Admin Portal opens in a new tab.
- Follow the instructions to add a DNS TXT record to your domain.
- Wait for verification (usually a few minutes, sometimes up to 24 hours depending on DNS propagation).
Single Sign-On (SSO)
Supported providers
SSO works with any SAML or OIDC identity provider, including:- Okta
- Azure AD (Microsoft Entra ID)
- Google Workspace
- OneLogin
- PingFederate
Prerequisite
Domain verification must be completed first.How to set it up
- Click Configure next to Single Sign-On (SSO).
- The WorkOS Admin Portal opens.
- Select your identity provider from the list.
- Follow the provider-specific instructions (typically involves copying metadata URLs and configuring attribute mappings).
- Test the connection.
Directory Sync
What it does
Directory sync connects your identity provider’s user directory to SeaMind. When you add, update, or deactivate someone in your identity provider, those changes automatically appear in SeaMind.- New user in directory — crew member appears in SeaMind
- User deactivated in directory — crew member status changes to Suspended
- User details updated — changes reflect in SeaMind
How to set it up
- Click Configure next to Directory Sync.
- The WorkOS Admin Portal opens.
- Select your directory provider and follow the setup instructions.
- Assign which groups should sync to SeaMind.
Important notes
- Directory sync runs automatically. You don’t need to manually add crew members.
- Deactivating a user in your directory suspends them in SeaMind — it doesn’t delete their data.
- Role changes (admin vs member) are managed in your identity provider, not in SeaMind.
Certificate Renewal
When you need it
SAML certificates have expiration dates (typically 1-3 years). When a certificate is about to expire, you need to renew it to prevent SSO from breaking.How to renew
- Click Configure next to Certificate Renewal.
- The WorkOS Admin Portal opens.
- Follow the renewal instructions — this usually involves generating a new certificate and updating it in your identity provider.
FAQ
How do I make someone an admin?
How do I make someone an admin?
Admin status is managed in your identity provider, not in SeaMind. Update the user’s role or group membership in Okta, Azure AD, or whichever provider you use. The change syncs to SeaMind automatically.
How do I remove a crew member?
How do I remove a crew member?
Deactivate them in your identity provider. Directory sync will update their status to Suspended in SeaMind. Their training records are preserved.
I don't see the Configure button. What's wrong?
I don't see the Configure button. What's wrong?
The portal link expired. What do I do?
The portal link expired. What do I do?
Go back to the Identity page and click Configure again. Each click generates a fresh 5-minute link.