Single sign-on (SSO) in Identity as a Service (IDaaS) is controlled by three settings that apply to every application: SSO status, Application account, and Authorized scope. Configure these settings before users can sign in through SSO.
For the remaining protocol-specific settings, follow the guide for your application type:
| Application template type | Protocol | Guide |
|---|---|---|
| Pre-integrated templates in the application marketplace | SAML 2.0 | Configure an application |
| Standard protocol - Security Assertion Markup Language (SAML) | SAML 2.0 | Configure SAML 2.0 SSO |
| Standard protocol - OpenID Connect (OIDC) | OIDC | Configure OIDC SSO |
| Self-developed applications | OIDC | Configure SSO for a self-developed application |
Prerequisites
Before you begin, ensure that you have:
Activated the application in IDaaS
SSO status
Application account
An application account is the unique identifier of a user within the application. When a user initiates an SSO request, IDaaS passes the application account to the application, which uses it to place the user in a logged-on state.
If the application already has accounts, check whether they are mapped to accounts in IDaaS. If they are not mapped, either run batch synchronization for users or create the accounts in the application before enabling SSO.
The way you configure application accounts depends on the protocol your application uses:
SAML-based applications: Configure application account rules directly in the application. See Configure accounts for a SAML-based application.
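
The mapping check described above can be scripted before SSO is enabled. The following is an added example, not part of IDaaS or its documentation: it assumes you have exported IDaaS users with their application account values and the application's existing account identifiers, and that the application compares identifiers case-insensitively. The function name, field layout, and sample data are hypothetical.

```python
from collections import defaultdict

def audit_account_mapping(idaas_users, app_accounts):
    """Compare IDaaS application-account values with the application's accounts.

    idaas_users:  iterable of (idaas_username, application_account or None)
    app_accounts: iterable of account identifiers exported from the application
    """
    def norm(value):
        # Assumption: the application treats identifiers case-insensitively.
        return value.strip().lower()

    owners = defaultdict(list)   # normalized application account -> IDaaS users
    no_account = []              # IDaaS users with an empty application account
    for username, account in idaas_users:
        if account is None or not account.strip():
            no_account.append(username)
        else:
            owners[norm(account)].append(username)

    existing = {norm(a) for a in app_accounts}
    mapped = set(owners)
    return {
        # Application accounts no IDaaS user maps to: synchronize or map them first.
        "unmapped_app_accounts": sorted(existing - mapped),
        # Values IDaaS would pass that the application does not know: create them.
        "missing_in_app": sorted(mapped - existing),
        # Several IDaaS users resolving to one application account would all be
        # logged on as the same application user.
        "collisions": {a: sorted(u) for a, u in owners.items() if len(u) > 1},
        "users_without_account": sorted(no_account),
    }

# Constructed sample data (not real exports).
IDAAS_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "Bob@Example.com"),
    ("robert", "bob@example.com"),
    ("carol", ""),
    ("dave", "dave@example.com"),
]
APP_ACCOUNTS = ["alice@example.com", "bob@example.com", "erin@example.com"]

if __name__ == "__main__":
    for finding, value in audit_account_mapping(IDAAS_USERS, APP_ACCOUNTS).items():
        print(f"{finding}: {value}")
```

Any entry under `collisions` should be resolved before SSO is enabled, because the application cannot distinguish the users involved.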
Authorized scope
What's next
After configuring these common settings, complete the protocol-specific SSO configuration for your application type using the guides in the table above.