Single Sign-On (SSO) - Main Configuration

Enabling Single Sign-On (SSO)


To enable Single Sign-On (SSO), follow these steps:

  1. Locate the SSO toggle switch in your authentication settings.
  2. Switch the toggle to enable SSO.


⚠️ Important: You can only test your SSO configuration using the direct link to your application. SSO will not work in preview mode.


SSO Configuration Options


1. Configure SAML-Based SSO


If you choose to use SAML, you’ll need to configure both Drimify’s service provider details and your identity provider’s details.


Service Provider Details (provided by Drimify):


  • Entity ID – Unique identifier for your configuration.
  • ACS (Assertion Consumer Service) URL – Where the IdP sends SAML assertions.
  • SLS (Single Logout Service) URL – Handles logout requests.


These values will appear once SSO is enabled and must be added to your Identity Provider (IdP).


Identity Provider Details (provided by you):



2. Authentication Method (Optional)


You can optionally define an authenticationMethod to enforce a specific level of authentication when users log in via SSO.


Available methods:


  • None (Let IdP decide)
  • Password / Password over TLS
  • X.509 Certificate
  • PKI Authentication
  • Kerberos
  • Smartcard / Smartcard PKI
  • Time-synchronous token (OTP)
  • Mobile (1FA / 2FA)
  • IP Address only / IP + Password
  • Previous session
  • Unspecified


If you're unsure, select None to let your Identity Provider determine the authentication mechanism.


3. Configure OAuth-Based SSO


You can also configure SSO using an OAuth provider.

Supported OAuth options:


  • Keycloak
  • Custom provider


For Keycloak:


  • Client ID
  • Client Secret
  • Keycloak Server URL
  • Realm
  • Version


For Custom OAuth:


  • Client ID
  • Client Secret
  • Authorization URL
  • Access Token URL
  • Resource Owner (User Info) URL
  • Scopes (e.g., openid, profile, email)
  • ID Field (e.g., sub)
  • Email Field (e.g., email)
  • First Name Field (e.g., given_name)
  • Last Name Field (e.g., family_name)


Step-by-Step Summary


  1. Enable SSO via the toggle.
  2. Choose a configuration method:
       • Manually configure SAML or OAuth.
  3. Enter required details (depending on the method).
  4. Save and test using the direct application link.


Important Notes


  • 🔐 Plan Requirement: Your subscription must include the Premium SSO option.
  • 🔗 Test using direct link: Preview mode does not support SSO.
  • 🛠️ Check your SSO platform: Ensure your IdP or OAuth provider allows requests from Drimify.


Troubleshooting Tips


SAML-Specific


  • ACS URL / Entity ID mismatch: Double-check these values in your IdP.
  • 📅 Expired Certificate: Update the X.509 certificate if it’s expired or changed.
  • 🚫 Unsupported Authentication Method: Try setting it to "None" if login fails.
  • 📥 SAML assertion not accepted: Ensure it's in the correct format and includes required fields (like email).


OAuth-Specific


  • Invalid Client ID/Secret: Double-check credentials.
  • 🌐 Incorrect URLs: Ensure all URLs are accurate and accessible.
  • 🔍 Missing Scopes: Confirm that the required scopes are included.
  • 🧩 Missing Field Mappings: Match field names with your OAuth provider’s user info response.
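
To diagnose missing scopes or field mappings, the following added example (not Drimify's code) checks a Custom OAuth provider's user info response against the configured ID, email, first name and last name fields. The field names are the page's examples, the sample responses are constructed, and the scope hints assume your provider follows the standard OpenID Connect claim-to-scope grouping.

```python
import json

# Field mapping as entered in the Custom OAuth form (the page's example values).
FIELD_MAP = {"id": "sub", "email": "email",
             "first_name": "given_name", "last_name": "family_name"}

# Assumption: the provider releases claims per OpenID Connect Core, section 5.4.
CLAIM_SCOPE = {"sub": "openid", "email": "email",
               "given_name": "profile", "family_name": "profile"}

# Constructed sample responses from a user info endpoint.
GOOD = ('{"sub": "a1b2c3", "email": "user@example.com", '
        '"given_name": "Ada", "family_name": "Lovelace"}')
NO_PROFILE = '{"sub": "a1b2c3", "email": "user@example.com"}'


def check_userinfo(userinfo_json, field_map=FIELD_MAP,
                   scopes=("openid", "profile", "email")):
    """Return a list of problems; an empty list means every mapped field is usable."""
    try:
        info = json.loads(userinfo_json)
    except json.JSONDecodeError as exc:
        return [f"response is not JSON: {exc.msg}"]
    if not isinstance(info, dict):
        return ["response is not a JSON object"]
    problems = []
    for role, claim in field_map.items():
        value = info.get(claim)
        if isinstance(value, str) and value.strip():
            continue
        # Some providers return a numeric user id; accept it for the ID field only.
        if role == "id" and isinstance(value, int) and not isinstance(value, bool):
            continue
        state = "missing" if claim not in info else "empty or not a string"
        needed = CLAIM_SCOPE.get(claim)
        hint = ""
        if needed and needed not in scopes:
            hint = f" (scope '{needed}' is not requested)"
        problems.append(f"{role}: field '{claim}' {state}{hint}")
    return problems


if __name__ == "__main__":
    for label, body, scopes in (("good", GOOD, ("openid", "profile", "email")),
                                ("no profile", NO_PROFILE, ("openid", "email"))):
        print(label, check_userinfo(body, scopes=scopes) or "OK")
```

Paste the JSON body your provider returns from its Resource Owner (User Info) URL in place of the samples, and pass the mapping and scopes you actually configured.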


General Issues


  • ⚠️ SSO only works via direct link: Avoid testing in preview.
  • 🔄 SSO not triggering: Ensure it’s enabled and your plan includes the feature.
  • 🧭 User data mismatch: Confirm your IdP or OAuth provider returns a valid, unique user identifier.


Updated on: 29/05/2025
