The Phrase Localization Platform supports single login to the different Phrase products through a single login or signup page. Go to https://eu.phrase.com (for EU data centers) or https://us.phrase.com (for US data center) to sign up or login via the Platform.
New users signing up to the Platform as well as existing Phrase users can navigate among all available products within the Platform Dashboard, without individual authentication to each of them.
Once logged in to the Platform, select the Platform user profile.
dropdown menu in the top left corner to switch among all subscribed products as required. The product switcher is also available within each product interface for all users with aUsers can be members of different and multiple Phrase organizations and switch among them as required.
Product access requirements
-
Access to products is defined by purchased plan
-
Phrase TMS and Phrase Strings
-
User invitation
-
-
Phrase Orchestrator
-
Access to TMS or Strings
-
-
Phrase Custom AI, Phrase Language AI and Phrase Analytics
-
Access to TMS
-
Administrator or Project manager role in TMS
-
Note
For more information about pricing of Phrase TMS, Phrase Strings, various add-ons and success plans, visit Phrase pricing page.
Existing TMS or Strings users can log in through the Platform login page by entering username and password or via Platform SSO.
In case of login issues, try these troubleshooting steps:
-
Try incognito mode
As a first step, open an incognito window (anonymous mode of the browser) and attempt to log in. If successful, clear the browser cache, cookies, and browsing history related to Phrase sites.
-
Verify credentials
If clearing the cookies and cache does not work, ensure correct login credentials are used.
-
If multiple accounts exist in Phrase, enter the username instead of the email address.
-
Ensure login to the correct data center.
-
-
Reset the password
If the password is forgotten, click Forgot password? on the login page and follow the reset password flow.
After resetting the password, ensure the browser does not autofill login fields with outdated credentials. Confirm that the keyboard is set to the correct language to avoid incorrect input of credentials.
-
Switch organizations (if applicable)
An account may be associated with multiple organizations. If logged into the incorrect one, switch organizations.
The Phrase Platform supports social login via the following social providers:
-
Google
-
Microsoft
-
GitHub
Go to https://eu.phrase.com or https://us.phrase.com to sign up or log in by connecting the desired social account. Legacy TMS or Strings social accounts are also supported to log in to the Phrase Platform.
Logged-in users can connect or disconnect their Phrase profile to one of the available social providers in the user profile settings.
Social signup or login is not available for users that have been invited to join a Phrase organization:
-
New users can sign up by providing their username and password or via SSO in the Phrase Platform signup page.
Once logged in, go to the Platform's user profile settings to enable social login via the desired social provider.
-
Existing users that have been invited to join another Phrase organization must restore their password in order to accept the invitation.
Once the password is restored, log in using the existing social account connection.
Single Sign-on (SSO) allows Platform users to log in via third-party applications. The Phrase Platform enables integrations with identity providers (IdPs) compliant with SCIM 2.0 and the SAML 2.0 protocol.
Users have access as long as they are logged into the organization IdP system.
By default, users can log in to the Phrase Platform via both SSO and through existing username and password credentials. If required, SSO usage can be enforced to restrict the ability to log in using username and password.
uniqueID parameter
The SSO login page supports the uniqueId
URL parameter that pre-fills the Unique Global Identifier for users. Placing a string into this parameter causes the Unique Identifier field to be pre-filled for the user.
Example:
Customers can bookmark the URL with this parameter in their browser so the don't have to remember this ID value to start the SSO login.
SSO setup should be performed by IT administrators with admin access to the chosen IdP.
To set up SSO, follow these steps:
-
Select Settings/Organization from the profile icon at the top right of the page.
The
page opens and the tab is presented. -
Select the Enable SSO.
tab and clickSSO configuration page is displayed.
-
Fill in the
section:-
Provide a unique identifier (e.g. the organization name or a random string) in the
field.Organization users will be required to use the unique identifier when logging into the Phrase Platform.
-
Select the required option from the Identifier type dropdown:
:
Platform users are matched to IdP user identities by username. NameID format attribute is used to match users:
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
:
Platform users are matched to IdP user identities by email. NameID format attribute is used to match users:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
-
-
Use information provided by the IdP to fill in required fields in the Save.
section, then clickFields in the
section are automatically populated. -
Copy the links provided in the
section and enter them in your IdP's SAML setup.
Note
Signing the SAML response is required to successfully set up Platform SSO.
More information can be found in the documentation specific to the IdP (e.g. Certificate signing options through Microsoft Azure AD).
Selecting
forces users to use SSO to sign in.Requiring users to sign in with SSO prevents users who did not log in via SSO previously from accessing the organization.
If an external collaborator requires access outside of SSO, select the
option.Options:
-
-
-
Provide identifiers and identifier type and click Save.
User auto-provisioning handles only company-managed users in Phrase, not self-registered users.
Phrase Platform supports two types of user provisioning using SAML/SSO features to automate access to the Platform applications:
-
Just-in-Time (JIT)
-
SCIM
New users are created automatically in the Platform organization once they are provisioned access to Phrase in the chosen identity provider (IdP).
All new users are created as members of the relevant Platform organization and do not have access to any of the products by default. The Platform organization's owner or administrator will have to invite them to the required product separately.
Created users are required to confirm their binding to the organization. To do this, an email with a verification link is sent to the provisioned user. Prior to verification, the user is not allowed to log in with SSO.
Note
To skip binding confirmation, contact the dedicated Customer Success Manager.
Provisioned users are not allowed to change their Phrase credentials, as these are managed in the IdP.
To enable or disable auto-provisioning, collaboration with Phrase Technical Support is required to ensure proper configuration and prevent potential issues, such as duplicate accounts or unassigned users.
For a smooth setup and ongoing management of users, the following best practices are recommended:
-
Start with a small test.
Before rolling out auto-provisioning to the entire organization, it is recommended to provision a small group of users to verify that everything is functioning correctly.
-
Assign all users via Identity Provider (IdP).
After a successful test, assign all users to the Phrase application through the IdP. SCIM will then automate provisioning and user updates across the organization.
-
Convert existing users to company-managed users.
Contact Phrase Technical Support to convert current users to company-managed users. SCIM can only update and delete users marked as company-managed, making this step essential.
-
Assign pre-SCIM users to the organization via IdP.
Users added before enabling SCIM auto-provisioning must be assigned to the organization through the IdP. Failing to assign them may result in their deletion during SCIM synchronization.
Just-in-Time (JIT) provisioning is a SAML protocol based method that is used to create users the first time they log in to an application through SAML SSO. This eliminates the need to provision users or create user accounts manually and all created users have automatic access to that organization's products.
JIT provisioning configuration should be performed by IT administrators with admin access to the chosen IdP.
To configure JIT provisioning through SAML SSO, follow these steps:
-
Select Settings/Organization from the profile icon at the top right of the page.
The
page opens and the tab is presented. -
Select the
tab.SSO configuration page is displayed.
-
Scroll down to Contact support to enable the configuration settings.
and selectNote
SAML auto-provisioning and SCIM cannot be enabled at the same time.
-
Once the settings are enabled, select SAML Auto-provisioning (Just in time) from the dropdown.
-
Use the attributes in the
table to map attributes from IdP to data in Phrase.This is needed to ensure the users data is aligned between the two systems.
-
Click Save.
Configuration is saved.
The SCIM protocol is an application-level standard that enables secure management and exchange of identity data across domains.
Supported SCIM functionality:
-
Create company-managed user
-
The user is provisioned to all applications that are active in their Platform organization.
-
The user has Linguist role in Phrase TMS and Translator role in Phrase Strings.
-
A SCIM-created user identity cannot be merged with an existing one. Only fresh identities are supported.
-
-
Edit company-managed user attributes
Editing attributes in the IdP is reflected in the Phrase Platform.
-
Delete company-managed user
-
When IdP sends a user deletion request, that user will be deleted from the Phrase platform.
-
If an SCIM-managed user is a member of multiple organizations, the deletion request from one organization will remove their membership from that organization. Only after receiving a deletion request from the last organization they are a member of will that user be completely removed from the platform.
-
Note
Due to continuous improvements, the user interface may not be exactly the same as presented in the video.
SCIM configuration should be performed by IT administrators with admin access to the chosen IdP.
To configure SCIM properties, follow these steps:
-
Select Settings/Organization from the profile icon at the top right of the page.
The
page opens and the tab is presented. -
Select the
tab.SSO configuration page is displayed.
-
Scroll down to Contact support to enable the configuration settings.
and selectNote
SAML auto-provisioning and SCIM cannot be enabled at the same time.
-
Once the settings are enabled, select SCIM from the dropdown.
SCIM configuration details are presented.
-
Enter the desired
to use in the encoding.Note
The
is required due to the Phrase Platform architecture where multiple organizations can use SCIM. The organization ID is encoded in the security token to prevent the use of UID in the URL.The
field is populated with a unique token. -
Copy the token and the
.These will be used in the identity provider settings.
-
Click Save.
Configuration is saved.