SSO Configuration
SSO Configuration
An Admin can enable and disable SSO, and configure IdP settings. Also your service provider’s details are displayed on the SSO Configuration page. This workflow is explained in vendor-specific detail in the Okta and Entra ID SSO articles.
Admins can configure SSO identity provider details and see service provider details. SSO can be enabled/disabled from Settings > Users, on the SSO Configuration tab. An admin can configure SSO identity provider details and see service provider details.
- Go to Settings > Users and click SSO Configuration.
- Enter Identity Provider information:
Field Description Identity Provider Issuer URL Identity Provider Issuer URL Identity provider SSO URL Identity provider single sign on URL Identity provider SLO URL Identity provider single logout URL Public x509 Certificate Public x509 Certificate string. - View Service Provider information (provided for configuration in the SSO dashboard).
Field Description Service Provider Entity ID Service Provider Entity ID URL. Service Provider ACS URL Service Provider assertion consumer service URL. Service Provider SLS URL Service Provider single logout service URL. - Click Save.
Note that if you migrated the domain or IP address of the machine where CE is deployed, you will need to disable the SSO toggle, and then re-enable it in order for CE to apply the change. After this, you need to update your SSO vendor details (like Okta) with the updated details in the SSO Configuration tab in CE UI. (For detailed steps, please refer to the bottom of this troubleshooting page.)
Configure Force Authentication
- Go to Settings > Users > SSO Configurations.
- If toggle is enabled, users will be forced to re-authenticate on every login of CE, even if they have a valid session.