Identity as a Service: Configure SSO

Last Updated: Jun 16, 2023

This topic describes how to configure single sign-on (SSO) in IDaaS.

You must configure SSO before you can implement SSO.

This topic describes the following SSO configuration items (all parts of the Sign-In tab) that are common to all applications:

  • SSO status

  • Application account

  • Authorization scope

For more information about the configuration steps, see the documentation for different application templates.

| Application template type | Protocol | References |
| --- | --- | --- |
| Pre-integrated templates in the application marketplace | SAML 2.0 | 3. Create an application |
| Standard protocol - Security Assertion Markup Language (SAML) | SAML 2.0 | Configure SSO for an SAML 2.0-based application |
| Standard protocol - OpenID Connect (OIDC) | OIDC | Configure SSO for an OIDC-based application |
| Custom applications | OIDC | Configure SSO for a custom application |

SSO status

When an application is activated, all features of the application are disabled. To simplify configuration, the SSO status is automatically changed to Enabled. You must click Save for the change to take effect.

Applications whose SSO feature is disabled are not displayed in the user portal.

Application account

An application account is the unique identifier of a user in the application. When a user initiates an SSO request to an application, IDaaS passes the application account to the application. Then, the application puts the account in the logged-on state to implement SSO.

Therefore, if the application has existing accounts, check whether these accounts are mapped to the accounts in IDaaS. If not, perform batch synchronization for users or create accounts in the application in advance.

For applications that use the SAML protocol, you can configure application account rules in the applications. For more information, see Configure accounts for an SAML-based application.

For OIDC-based applications or custom applications, IDaaS passes relevant values in id_token. For more information, see Enter OIDC id_token extended values.
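
The mapping check recommended above, as an added example (not part of the IDaaS documentation or product): it reconciles the application accounts IDaaS would pass against the accounts that already exist in the application, before SSO is enabled. The input shapes, the `norm` comparison rule and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

def norm(account: str) -> str:
    # Assumption: the application compares account names case-insensitively
    # and ignores surrounding whitespace. Adjust to the application's real rule.
    return account.strip().casefold()

def reconcile(idaas_users, app_accounts):
    """idaas_users: {IDaaS username: application account IDaaS would pass}
    app_accounts: account names that already exist in the application."""
    app_by_key = defaultdict(list)
    for name in app_accounts:
        app_by_key[norm(name)].append(name)
    owners = defaultdict(list)
    for user, app_account in idaas_users.items():
        owners[norm(app_account)].append(user)

    report = {"matched": {}, "missing_in_app": [], "orphaned_in_app": [],
              "shared_account": {}, "ambiguous_in_app": {}}
    for key, users in owners.items():
        if len(users) > 1:
            # Several IDaaS users would be signed in to one application account.
            report["shared_account"][key] = sorted(users)
        elif key not in app_by_key:
            # No account to log on to: synchronize or create it in advance.
            report["missing_in_app"].append(users[0])
        elif len(app_by_key[key]) > 1:
            # The application holds look-alike accounts; the target is unclear.
            report["ambiguous_in_app"][users[0]] = sorted(app_by_key[key])
        else:
            report["matched"][users[0]] = app_by_key[key][0]
    # Application accounts no IDaaS user maps to (not reachable through SSO).
    report["orphaned_in_app"] = sorted(
        n for k, names in app_by_key.items() if k not in owners for n in names)
    report["missing_in_app"].sort()
    return report

# Constructed sample data, not taken from any real tenant.
IDAAS_USERS = {"alice": "alice@example.com", "bob": "Bob@example.com",
               "carol": "carol@example.com", "dave": "shared@example.com",
               "erin": "shared@example.com"}
APP_ACCOUNTS = ["alice@example.com", "bob@example.com", "BOB@example.com",
                "legacy-admin", "shared@example.com"]

if __name__ == "__main__":
    for section, value in reconcile(IDAAS_USERS, APP_ACCOUNTS).items():
        print(f"{section}: {value}")
```

Entries under `shared_account` and `ambiguous_in_app` deserve attention first, since either one lets an SSO sign-in land in an account that belongs to someone else.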

Authorization scope

You can select one of the options to specify the users who can access the application.

| Option | Description |
| --- | --- |
| All Users | All accounts in IDaaS can access the application without additional authorization. |
| Manually | You must specify the organizations and accounts that can access the application on the Authorize tab of the application. For more information, see Grant access to an application. |