SSO Configuration

You can use the SSO Configuration application for configuring Single Sign-On (SSO) based on SAML or OIDC.

Single Sign-On (SSO) is an authentication method where you can use only one set of credentials to access multiple applications and websites. To implement SSO, two of the widely used protocols are Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

SAML is an open standard used for authentication and authorization, which transfers data between your Identity Provider (IdP) and Service Provider (SP). The IdP authenticates the user's credentials and sends these details to the SP. The SP provides the user the access to the required resources.

OIDC is a simple identity layer on top of the OAuth 2.0 protocol. It enables you to verify the identity of the end user based on the authentication performed by an Authorization Server.

You can use the SSO Configuration application in Console to configure SSO based on SAML or OIDC.

When you login into the SSO Configuration application of Console for the first time, you can choose to either configure SAML or OIDC.

Note: By default, the SSO Configuration application requires the ROLE_ADMIN_TENANT role for accessing it. You must be a Tenant Administrator to perform the SSO configuration for other users. However, you may also create a custom role with access to SSO resources and grant this role to your security administrator to manage the SSO configuration.

For more information about configuring SAML, see SSO Configuration Based on SAML. For more information about configuring OIDC, see SSO Configuration Based on OIDC.