Enabling Single Sign-On (SSO)

Enable Single Sign-On to allow users to authenticate just once and use the resulting session as a proof of authentication to all applications connected to the workspace.

Enable SSO

1. In the target workspace, from the left sidebar, go to Authentication > Settings > Persistence.

2. Select the Persistent Session (SSO mode) option.

   

3. In the Session Lifetime section, use the following settings to manage session behavior:

   Setting	Description
   Session Max Age	Set the time after which a user's session expires, requiring reauthentication.
   Session Max Idle Time	Dfine the time after which an inactive session expires, requiring reauthentication.
   SSO cookie domain	Define the domain for the SSO cookie of logged-in users. If empty, it adopts the authorization server's domain. When set, this domain is also allowed for logout redirects.
   Allowed Logout Redirect Domains	List domains where applications can redirect users after logout. These domains are valid only if the redirect_to parameter is included in a request to the /authorize endpoint.
   Post-Logout Redirect URL	Set a default URL to redirect users after logout if the application request doesn't include a redirect_to parameter.

Result: After logging into an application through SecureAuth, users can access all workspace applications without reauthenticating, as long as the session remains valid.

Next Steps

1. Add Web Applications

2. Add Single Page Apps

3. Add Authentication Providers

4. Store Users in SecureAuth and Authenticate Users Using Identity Pools