The Phrase Localization Platform supports single login to the different Phrase products through a single login or signup page. Go to https://eu.phrase.com (for EU data centers) or https://us.phrase.com (for the US data center) to sign up or log in via the Platform.
New users signing up to the Platform as well as existing Phrase users can navigate among all available products within the Platform Dashboard, without individual authentication to each of them.
Once logged in to the Platform, select the dropdown menu in the top left corner to switch among all subscribed products as required. The product switcher is also available within each product interface for all users with a Platform user profile.
Users can be members of different and multiple Phrase organizations and switch among them as required.
Product access requirements
Access to products is defined by purchased plan:
- Phrase TMS and Phrase Strings
  - User invitation
- Phrase Orchestrator
  - Access to TMS or Strings
- Phrase Custom AI, Phrase Language AI and Phrase Analytics
  - Access to TMS
  - Administrator or Project manager role in TMS
Note
For more information about pricing of Phrase TMS, Phrase Strings, various add-ons and success plans, visit the Phrase pricing page.
Existing TMS or Strings users can log in through the Platform login page by entering username and password or via Platform SSO.
The Phrase Platform supports social login via the following social providers:
- Google
- Microsoft
- GitHub
Go to https://eu.phrase.com or https://us.phrase.com to sign up or log in by connecting the desired social account. Legacy TMS or Strings social accounts are also supported to log in to the Phrase Platform.
Logged-in users can connect or disconnect their Phrase profile to one of the available social providers in the user profile settings.
Social signup or login is not available for users that have been invited to join a Phrase organization:
- New users can sign up by providing their username and password or via SSO in the Phrase Platform signup page.
  Once logged in, go to the Platform's user profile settings to enable social login via the desired social provider.
- Existing users that have been invited to join another Phrase organization must restore their password in order to accept the invitation.
  Once the password is restored, log in using the existing social account connection.
Single Sign-on (SSO) allows Platform users to log in via third-party applications. The Phrase Platform enables integrations with identity providers (IdPs) compliant with SCIM 2.0 and the SAML 2.0 protocol.
Users have access as long as they are logged into the organization IdP system.
By default, users can log in to the Phrase Platform via both SSO and through existing username and password credentials. If required, SSO usage can be enforced to restrict the ability to log in using username and password.
uniqueID parameter
The SSO login page supports the uniqueId URL parameter that pre-fills the Unique Global Identifier for users. Placing a string into this parameter causes the Unique Identifier field to be pre-filled for the user.
Example:
Customers can bookmark the URL with this parameter in their browser so they don't have to remember this ID value to start the SSO login.
SSO setup should be performed by IT administrators with admin access to the chosen IdP.
To set up SSO, follow these steps:
- Select Settings/Organization from the profile icon at the top right of the page.
  The page opens and the tab is presented.
- Select the tab and click Enable SSO.
  SSO configuration page is displayed.
- Fill in the section:
  - Provide a unique identifier (e.g. the organization name or a random string) in the field.
    Organization users will be required to use the unique identifier when logging into the Phrase Platform.
  - Select the required option from the Identifier type dropdown:
    - Platform users are matched to IdP user identities by username. NameID format attribute is used to match users:
      urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
    - Platform users are matched to IdP user identities by email. NameID format attribute is used to match users:
      urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Use information provided by the IdP to fill in required fields in the section, then click Save.
  Fields in the section are automatically populated. Copy the links provided in the section and enter them in your IdP's SAML setup.
Note
Signing the SAML response is required to successfully set up Platform SSO.
More information can be found in the documentation specific to the IdP (e.g. Certificate signing options through Microsoft Azure AD).
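A pre-flight check for the two IdP-side requirements above (a signed SAML response and a NameID format that matches the chosen identifier type), as an added example that is not Phrase code. The sample response is constructed, the function name and the "username"/"email" keys are hypothetical, and it is assumed that the signing requirement refers to the Response element itself. The check only looks for the presence of a signature; it does not verify it.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# NameID formats listed on this page; the dictionary keys are hypothetical labels.
NAMEID_FORMATS = {
    "username": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "email": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}
# Constructed sample: the assertion is signed, the Response is not.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion><ds:Signature/>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def preflight(response_xml, match_by):
    """List configuration problems in a decoded SAML Response captured from
    your own IdP test login. Structural check only, not signature validation."""
    problems = []
    root = ET.fromstring(response_xml)
    # Assumption: the Signature must be a direct child of the Response element.
    if root.find("ds:Signature", NS) is None:
        if root.find("saml:Assertion/ds:Signature", NS) is not None:
            problems.append("only the Assertion is signed, not the Response")
        else:
            problems.append("Response is not signed")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in the assertion subject")
        return problems
    expected = NAMEID_FORMATS[match_by]
    actual = name_id.get("Format")
    if actual != expected:
        problems.append(f"NameID Format is {actual}, expected {expected}")
    if match_by == "email" and "@" not in (name_id.text or ""):
        problems.append("NameID value does not look like an email address")
    return problems

if __name__ == "__main__":
    for mode in NAMEID_FORMATS:
        print(mode, preflight(SAMPLE, mode))
```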
Selecting forces users to use SSO to sign in.
Requiring users to sign in with SSO will prevent users who didn't log in via SSO previously from accessing the organization. Users will also be removed from organizations and will no longer be associated with earlier projects and jobs.
Phrase Platform supports two types of user provisioning using SAML/SSO features to automate access to the Platform applications:
- Just-in-Time (JIT)
- SCIM
New users are created automatically in the Platform organization once they are provisioned access to Phrase in the chosen identity provider (IdP).
All new users are created as members of the relevant Platform organization and do not have access to any of the products by default. The Platform organization's owner or administrator will have to invite them to the required product separately.
Created users are required to confirm their binding to the organization. To do this, an email with a verification link is sent to the provisioned user. Prior to verification, the user is not allowed to log in with SSO.
Note
To skip binding confirmation, contact the dedicated Customer Success Manager.
Provisioned users are not allowed to change their Phrase credentials, as these are managed in the IdP.
Just-in-Time (JIT) provisioning is a SAML protocol based method that is used to create users the first time they log in to an application through SAML SSO. This eliminates the need to provision users or create user accounts manually and all created users have automatic access to that organization's products.
JIT provisioning configuration should be performed by IT administrators with admin access to the chosen IdP.
To configure JIT provisioning through SAML SSO, follow these steps:
- Select Settings/Organization from the profile icon at the top right of the page.
  The page opens and the tab is presented.
- Select the tab.
  SSO configuration page is displayed.
- Scroll down to and select Enable auto-provisioning SAML.
  Note: SAML auto-provisioning and SCIM cannot be enabled at the same time.
- Use the attributes in the table to map attributes from IdP to data in Phrase.
  This is needed to ensure the users' data is aligned between the two systems.
- Click Save.
  Configuration is saved.
The SCIM protocol is an application-level standard that enables secure management and exchange of identity data across domains.
Supported SCIM functionality:
- Create user
  The user is provisioned to all applications that are active in their Platform organization.
  The user has Linguist role in Phrase TMS and Translator role in Phrase Strings.
  A SCIM-created user identity cannot be merged with an existing one. Only fresh identities are supported.
- Edit user attributes
  Editing attributes in the IdP is reflected in the Phrase Platform.
- Delete user
  When the IdP sends a user deletion request, that user will be deleted from the Phrase Platform.
  If a SCIM-managed user is a member of multiple organizations, the deletion request from one organization will remove their membership from that organization. Only after receiving a deletion request from the last organization they are a member of will that user be completely removed from the platform.
SCIM configuration should be performed by IT administrators with admin access to the chosen IdP. To configure SCIM properties, follow these steps:
- Select Settings/Organization from the profile icon at the top right of the page.
  The page opens and the tab is presented.
- Select the tab.
  SSO configuration page is displayed.
- Scroll down to and select Enable SCIM.
  SCIM configuration details are presented.
  Note: SAML auto-provisioning and SCIM cannot be enabled at the same time.
- Enter the desired to use in the encoding.
  Note: The is required due to the Phrase Platform architecture where multiple organizations can use SCIM. The organization ID is encoded in the security token to prevent the use of UID in the URL.
  The field is populated with a unique token.
- Copy the token and the .
  These will be used in the identity provider settings.
- Click Save.
  Configuration is saved.