Use Google Workspace as the single source of truth for who can sign into your workspace.
SSO lets every member of your Google Workspace sign in to SEMOptimiser with their existing Google account, without you provisioning passwords. Removing them from Google Workspace immediately revokes their SEMOptimiser access too – much safer than tracking who-has-what manually.
Don't confuse these:
This article covers the second one.
A user at yourcompany.com clicks "Sign in with Google" on the login page. Google authenticates them. They're bounced back to SEMOptimiser, which verifies their email domain matches the SSO config. If so, they're signed in. If their email isn't a member of your workspace yet, we provision them automatically with the default role.
On the CEO plan, you can also enable SCIM 2.0 so adds/removes in Google Workspace flow into SEMOptimiser automatically – no need for the user to log in once to be provisioned. Settings → Team → SCIM gives you a URL and a bearer token to paste into the Google Workspace SCIM connector.
In Settings → Team → Security, toggle "Require SSO for this workspace". From then on, password login is rejected for anyone with an email matching your SSO domain. The workspace owner is exempt (so you can't lock yourself out).
Settings → Team → Security → Disable SSO. SSO-provisioned users stay in the workspace but switch back to standard Google sign-in (no domain enforcement). Their access continues uninterrupted.
One platform. Five fewer subscriptions.
Join 1,200+ agencies and in-house teams using SEMOptimiser to replace Semrush, Ahrefs, GA4 add-ons and rank trackers – with one workflow that actually ships fixes.