Single Sign-On (SSO)
Single Sign-On is set on an organizational level in , allowing users in that organization to log into the with their email address that authenticates against 3rd party identity providers (IDPs). This makes it easy for users to sign into the app with the same account (domains) used to access company systems.
SSO is only applicable when signing in on the . To log in to (manage.jigx.com) the organization OWNER and ADMIN must use their accounts.
Single Sign-On requires domains to be set up and associated with an organization. To view your organization's domains, see Advanced Settings in . The following scenarios are supported:
- One or more domains can be associated with a single organization
- A domain can be associated with multiple organizations
- Use a wildcard (*) in the OAuth Configurations to reference multiple unknown domains. The OAuth configuration will be used by every account, regardless of the domain.
- Graph
- Okta
- OpenID
- Auth0
To enable the SSO configuration, at least one OAuth configuration is required. To configure OAuth, see OAuth Configurations.
The table below describes the combinations possible when enabling SSO.
- Select the Single Sign-On enabled checkbox. The configuration options show.
- Required - Click on + link to OAuth configuration to open the Choose OAuth configurations for SSO panel on the right. Select the checkboxes next to the available OAuth configurations that you want to use with SSO. If there are no available OAuth configurations in the pane, go to OAuth Configurations to set one up.
- Selecting the Auto-create users after successful authentication checkbox creates a new user for anyone who signs into the with the organization's email address, once that user has been authenticated against the 3rd party identity provider.
- For to automatically create these users in an organization, an email address belonging to an existing user with Admin or Owner rights must be added to the New users will be created by field. Think of it as the organization's admin creating the users. By default, the email address of the user who enables the Auto-create users after successful authentication checkbox is shown in this field.
- If you want users to automatically be assigned to solutions, add the solutions to the Automatic solution assignment list. This ensures that all users that authenticate using SSO can automatically see and use the solutions as soon as they sign in. Users will also automatically be added to any existing groups in the assigned solution. Click the Add Solution button at the top right of the screen. Solutions assigned here will use the OAuth Configurations configured at an organizational level.
Once the user is signed in to the app and authenticated against the 3rd party identity provider, a Login Complete screen is shown and they can continue using the solutions in the app.
- Recommendation: Start with setting up the OAuth Configurations before enabling SSO. To enable the SSO configuration, at least one OAuth configuration is required. The save button will not be enabled if no OAuth is linked.
- Auto-provisioning users is an optional setting, but if enabled, the email address is required in the New users created by field, as well as a link to at least one solution.
- A minimum of one OAuth configuration is required for SSO to work.
- If multiple OAuth configurations are set to work with SSO, the user will be presented with a popup displaying the multiple SSO options. It is important to give the OAuth configuration a meaningful Title, as this becomes the option name presented to the user on the mobile device at login.