How-tos

2 mins read

Enabling Single Sign-On (SSO)

Enable Single Sign-On to allow users to authenticate just once and use the resulting session as a proof of authentication to all applications connected to the workspace.

Enable SSO

  1. Select Identity Providers » Single Sign-On in a workspace of your choice.

  2. Enable the Persistent Session (SSO mode) option.

    Enable SSO

    Result

    Once logged into an application linked to Cloudentity, users can use that session to access all applications in the workspace without re-authenticating, as long as the session remains valid.

  3. Configure the SSO-related settings:

    Setting Description
    Session Max Age Time after which the authenticated user’s session expires, requiring them to reauthenticate.
    Session Max Idle Time Time after which an inactive user’s session expires, requiring them to reauthenticate.
    SSO cookie domain Domain where the SSO cookie is stored for authenticated users. Defaults to the authorization server’s domain if unspecified. If included, the SSO Cookie Domain is automatically added as the allowed logout redirect domain (see below).
    Allowed Logout Redirect Domains Allowed domains that applications can use to redirect users to after they log out from the application. Those domains are valid only if the redirect_to parameter is included as the part of a request to the /authorize endpoint.
    Post-Logout Redirect URL A default logout URL where user gets redirected to after they are logged out and no redirect_to parameter value is provided in the application’s request.

Next Steps

  1. Add Web Applications.

  2. Add Single Page Apps.

  3. Add Authentication Providers.

  4. Store Users in Cloudentity and Authenticate Users Using Identity Pools.

Updated: Aug 16, 2023