As an administrator, youβre responsible for securing your teamβs access, starting with who can join and how they sign in.
SAML SSO vs. Email Domain Authentication
Mistral AI supports two secure, scalable sign-in methods:
Email Domain Authentication β anyone with your verified company domain (for example,
@company.com
) can create an account and join your Organization without manual invites.Single Sign-On (SAML SSO) π (Enterprise only) β users sign in with their corporate credentials via your company IdP.
π Both methods simplify onboarding and reduce manual work. You can switch methods at any time, or fall back to email/password with manual invites.
π Want to keep using manual invites? See how to batch-invite your users.
Prerequisite (for both)
Before enabling either option, you must first verify your company domain.
Choose your sign-in method
Once your domain is verified, enable one of the following:
Enable SAML SSO (Enterprise) π What is SSO and how do I enable it?
Enable Email Domain Authentication π What is Email Domain Authentication and how do I enable it?
π¨ Keep the DNS TXT record you used for domain verification in place. Removing it can break Domain Authentication and SSO.
Next steps
Now that youβve set up Organization authentication, the next step is to manage users β roles, seats, and permissions.