Skip to main content

Configure Sign-in options (SSO / Domain Authentication)

Updated yesterday

As an administrator, you’re responsible for securing your team’s access, starting with who can join and how they sign in.

SAML SSO vs. Email Domain Authentication

Mistral AI supports two secure, scalable sign-in methods:

  • Email Domain Authentication β€” anyone with your verified company domain (for example, @company.com) can create an account and join your Organization without manual invites.

  • Single Sign-On (SAML SSO) πŸ”’ (Enterprise only) β€” users sign in with their corporate credentials via your company IdP.

πŸ”‘ Both methods simplify onboarding and reduce manual work. You can switch methods at any time, or fall back to email/password with manual invites.

πŸ”Ž Want to keep using manual invites? See how to batch-invite your users.

Prerequisite (for both)

Before enabling either option, you must first verify your company domain.

Choose your sign-in method

Once your domain is verified, enable one of the following:

🚨 Keep the DNS TXT record you used for domain verification in place. Removing it can break Domain Authentication and SSO.

Next steps

Now that you’ve set up Organization authentication, the next step is to manage users β€” roles, seats, and permissions.

Did this answer your question?