When you are deciding on whether you should create a Single Sign-on (SSO) endpoint at the account level or the site level, the following questions will help you decide.
Do you want Admins/Contributors to log into the Content Management and Admin areas via SSO?
Configure Single-Sign on for the Content and Admin Centers
Do you also want end users (e.g. customers/employees) to view the published ScreenSteps site via Single Sign-on?
Configure the site to use Account domain as the Identity Provider. This will allow users to access the site if they are logged into the Identify Provider that is used to log users into your ScreenSteps account domain.
If the site you want end users to access is not the Primary Site for your account then you can use the default ScreenSteps username/password Identity Provider for the site.
If the site you want end users to access is the Primary Site for the account then the site must have a vanity domain associated with it in order to use a different Identity Provider than the Content Management and Admin Centers. This is because an Identity Provider is configured for each unique domain and the Content Management and Admin Centers share the same ScreenSteps subdomain as the Primary Site by default. If you add a vanity domain to the Primary Site then they will have different domains and the Identify Provider can be customized.
Configure Single Sign-on for the site
If the site you want end users to access is not the Primary Site for your account then you can set up Single Sign-on as the Identity Provider for the site.
If the site you want end users to access is the Primary Site for the account then the site must have a vanity domain associated with it in order to use a different Identity Provider than the Content Management and Admin Centers. This is because an Identity Provider is configured for each unique domain and the Content Management and Admin Centers share the same ScreenSteps subdomain as the Primary Site by default. If you add a vanity domain to the Primary Site then they will have different domains and the Identify Provider can be customized.