Skip to main content

Enabling Single Sign-On (SSO)

Enable Single Sign-On to allow users to authenticate just once and use the resulting session as a proof of authentication to all applications connected to the workspace.

Enable SSO

  1. In the target workspace, from the left sidebar, go to Authentication > Settings > Persistence.

  2. Select the Persistent Session (SSO mode) option.

    Enable SSO

  3. In the Session Lifetime section, use the following settings to manage session behavior:

    Setting

    Description

    Session Max Age

    Set the time after which a user's session expires, requiring reauthentication.

    Session Max Idle Time

    Dfine the time after which an inactive session expires, requiring reauthentication.

    SSO cookie domain

    Define the domain for the SSO cookie of logged-in users. If empty, it adopts the authorization server's domain. When set, this domain is also allowed for logout redirects.

    Allowed Logout Redirect Domains

    List domains where applications can redirect users after logout. These domains are valid only if the redirect_to parameter is included in a request to the /authorize endpoint.

    Post-Logout Redirect URL

    Set a default URL to redirect users after logout if the application request doesn’t include a redirect_to parameter.

Result: After logging into an application through SecureAuth, users can access all workspace applications without reauthenticating, as long as the session remains valid.

Next Steps

  1. Add Web Applications

  2. Add Single Page Apps

  3. Add Authentication Providers

  4. Store Users in SecureAuth and Authenticate Users Using Identity Pools

In this section: