Single Sign-On Overview

Single Sign-On (SSO) lets users sign in with their existing credentials, so they do not have to create a new username and password for your application.
Two widely used SSO protocols, SAML and OpenID Connect, manage and authenticate individual users across applications.
This guide is the foundation for integrating SSO into your SSOJet application, so that users can sign in securely with their Identity Provider (IDP) credentials via SAML 2.0 or OpenID Connect.
The following components are essential for setting up SSO for your customers and their organizational users.
Enable SSO in the SSOJet Portal. The SSO options include SAML and OpenID Connect.
Go to Home ➜ Organization ➜ Builder ➜ Login Box.
In the left panel, switch on the toggle for each SSO standard you want to enable.

Get an authorization URL

Generates an OAuth 2.0 authorization URL to authenticate a user with SSO.
Request
HTTP Request
You’ll have to specify the user’s connection as a parameter. These connection selectors are mutually exclusive, and exactly one must be provided. The generated URL automatically directs the user to their identity provider. Once the user authenticates with their identity provider, SSOJet then issues a redirect to your redirect URI to complete the sign-in flow.

Redirect URI

OAuth 2.0 uses a redirect URI to send users to a designated location after completing the authentication process with their identity provider.
When redirecting the user, SSOJet will generate an authorization code and send it to your redirect URI as a code query parameter. Your app can use this code to retrieve the user's profile. Additionally, SSOJet can include a state parameter in the redirect, which you can use to encode and preserve any necessary information for restoring your application's state.
https://your-app.com/callback?code=02114164344354&state=2151050150
For users to be able to sign in, configure the allowed redirect URIs for your application on the Redirects page in the dashboard. Without a valid redirect URI, users won't be able to sign in. When you request the authorization URL, pass a redirect URI that matches one of the URIs configured in the dashboard.
HTTPS protocol is required in production environments.
HTTP and localhost are allowed in staging environments.
Wildcard characters are not allowed in production environments.

Error codes

In case of any problem generating an authorization URL, the API will send back the original redirect URI along with error and error_description query parameters. The state value, if given, will also be included.
Error code | Description
access_denied | The user denied an OAuth authorization request at the identity provider.
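
Handling the redirect described under Redirect URI and Error codes, as an added example (not SSOJet's own code): a Node.js callback handler that verifies the returned state before trusting code, and surfaces error and error_description. The function names, the nonce-in-session scheme and the HMAC-signed state format are assumptions of this example; it relies only on state being returned in the redirect as described above.

```javascript
// Added example; function names and the state format are assumptions, not SSOJet's API.
const crypto = require('node:crypto');

const sign = (secret, payload) =>
  crypto.createHmac('sha256', secret).update(payload).digest('base64url');

// State = base64url(JSON{nonce, data}) + "." + HMAC, so app data survives the round trip
// through the identity provider without being forgeable.
function makeState(secret, nonce, data) {
  const payload = Buffer.from(JSON.stringify({ nonce, data })).toString('base64url');
  return `${payload}.${sign(secret, payload)}`;
}

// Returns the decoded { nonce, data }, or null when the value is malformed or tampered with.
function readState(secret, state) {
  const parts = String(state ?? '').split('.');
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1]);
  const expected = Buffer.from(sign(secret, parts[0]));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// sessionNonce is the value stored in the user's session when the login was started.
function handleCallback(callbackUrl, secret, sessionNonce) {
  const q = new URL(callbackUrl).searchParams;
  const state = readState(secret, q.get('state'));
  // Reject before looking at code or error: a response not bound to this session is untrusted.
  if (!state || state.nonce !== sessionNonce) return { ok: false, error: 'invalid_state' };
  if (q.has('error')) {
    return { ok: false, error: q.get('error'), description: q.get('error_description') ?? '' };
  }
  const code = q.get('code');
  if (!code) return { ok: false, error: 'missing_code' };
  return { ok: true, code, returnTo: state.data?.returnTo ?? '/' };
}

// Constructed sample run (secret, nonce and URL are made up for the example).
const demoState = makeState('constructed-secret', 'nonce-1', { returnTo: '/reports' });
console.log(handleCallback(
  `https://your-app.com/callback?code=02114164344354&state=${demoState}`,
  'constructed-secret', 'nonce-1'));
```

Generate the nonce with crypto.randomBytes when the login starts, keep it in the server-side session, and discard it after one callback so a captured redirect cannot be replayed.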
Modified at 2024-06-18 12:52:41