Skip to main content

Enabling Single Sign-On (SSO)

Enable Single Sign-On to allow users to authenticate just once and use the resulting session as a proof of authentication to all applications connected to the workspace.

Enable SSO

  1. Select Authentication > Settings > Persistence in a workspace of your choice.

  2. Enable the Persistent Session (SSO mode) option.

    Enable SSO

    Result: Once logged into an application linked to SecureAuth, users can use that session to access all applications in the workspace without re-authenticating, as long as the session remains valid.

  3. Configure the SSO-related settings:

    Setting

    Description

    Session Max Age

    Time after which the authenticated user's session expires, requiring them to reauthenticate.

    Session Max Idle Time

    Time after which an inactive user's session expires, requiring them to reauthenticate.

    SSO cookie domain

    Domain where the SSO cookie is stored for authenticated users. Defaults to the authorization server's domain if unspecified. If included, the SSO Cookie Domain is automatically added as the allowed logout redirect domain (see below).

    Allowed Logout Redirect Domains

    Allowed domains that applications can use to redirect users to after they log out from the application. Those domains are valid only if the redirect_to parameter is included as the part of a request to the /authorize endpoint.

    Post-Logout Redirect URL

    A default logout URL where user gets redirected to after they are logged out and no redirect_to parameter value is provided in the application's request.

Next Steps

  1. Add Web Applications

  2. Add Single Page Apps

  3. Add Authentication Providers

  4. Store Users in SecureAuth and Authenticate Users Using Identity Pools

In this section: