If you want to enable single sign-on (SSO) authentication for your organization, you need to set up the following:
- Create an authentication domain, a unique identifier that links the identity provider to the devices that can use it.
- Associate the auth domain with your company’s Org Profile.
- Add attributes for the auth domain, including URLs for authorization, tokens, and logout. You obtain this information from your identity provider.
- Add the client ID and secret registered with the identity provider.
Once configured, you can update user profiles to associate them with the authentication domain.
Create an auth domain for your organization
- From the Remote Access menu, select the Org Profile icon to open the Org Profile page.
- In the Auth Domain section, select + Add Auth Domain.
- Complete the required fields:
  - Name: Provide a unique name for the auth domain (e.g., Google), which will be used in the redirect URL.
  - Display Name: Enter a name that users will easily recognize (e.g., Google).
  - Protocol: Select OIDC (OpenID Connect), the supported authentication protocol.
  - Scope: Choose LOCAL to apply authentication to this org only, or MULTILEVEL for both the org and its sub-organizations.
  - Description: Add a brief description (e.g., Google OAuth).
- Choose whether to enable or disable this auth domain as the default.
- Select Submit.
Once submitted, the auth domain appears in the Auth Domain section of the Org Profile.
Add auth domain attributes
To add or update auth domain attributes:
- From the Remote Access menu, select the Org Profile icon to open the Org Profile page.
- In the Auth Domain section, select Edit for the domain you want to update.
- In the Edit Auth Domain dialog, expand the Additional Attributes section.
- Enter URLs for authorization, token, and logout (provided by your identity provider).
- Add the client ID and secret that have been registered with your identity provider.
- Select Submit.
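Many OIDC identity providers publish these URLs in a discovery document at `/.well-known/openid-configuration`. The following added example (not part of the product or its documentation) pulls the authorization, token, and logout URLs out of such a document and rejects values that are missing, not HTTPS, or malformed before you paste them into the dialog. The host `idp.example`, the sample document, the function names, and the `authorization`/`token`/`logout` labels are assumptions made for illustration; the metadata keys are the standard OIDC discovery names.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OIDC discovery document (idp.example is a placeholder).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example",
  "authorization_endpoint": "https://idp.example/oauth2/authorize",
  "token_endpoint": "https://idp.example/oauth2/token",
  "end_session_endpoint": "https://idp.example/oauth2/logout"
}
""")

# Discovery metadata name -> label used here for the auth domain attribute
# (labels are illustrative, not the product's field names).
ENDPOINTS = {
    "authorization_endpoint": "authorization",
    "token_endpoint": "token",
    "end_session_endpoint": "logout",
}


def check_url(url):
    """Return a list of problems with one endpoint URL (empty list = OK)."""
    if not isinstance(url, str) or not url:
        return ["missing"]
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if not parts.hostname:
        problems.append("no host")
    if parts.fragment:
        problems.append("contains a fragment")
    if parts.username or parts.password:
        problems.append("embeds credentials")
    return problems


def auth_domain_urls(discovery):
    """Map discovery metadata to the three URLs and collect any problems."""
    urls, problems = {}, {}
    for key, label in ENDPOINTS.items():
        found = check_url(discovery.get(key))
        if found:
            problems[label] = found
        else:
            urls[label] = discovery[key]
    return urls, problems
```

Some providers do not advertise `end_session_endpoint`; in that case the logout URL is reported as missing and has to come from the provider's own documentation.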