ChatGPT Team support SSO with detailed setup instructions.
However, this version does not support SCIM provisioning.
To restrict unassigned users from logging into ChatGPT Team via SSO, we have an alternative option using Conditional Access to achieve this goal.
- Navigate to the Microsoft Entra Admin Center and select your "ChatGPT WorkOS SSO" (using the name you specified) enterprise application.
- Create a new policy in the "Conditional Access" of the "Security" section and name it "ChatGPT WorkOS SSO Deny All But Excluded Policy" (or any name you like).
- Assign "All Users" and exclude the users or groups you want to allow to use the ChatGPT team.
- Select "ChatGPT WorkOS SSO" as "Target resources" to include.
- Grant Block access and turn Enable policy to "On"
That is all,
Now unassigned users may be able to log in but not access the ChatGPT team.