Single Sign-On (SSO)

Configure SSO for your Saylo project

Single Sign-On (SSO)

Allow users to login with their existing accounts using your organization's identity provider.

What you'll get

  • Seamless login experience for your users
  • Centralized user management
  • Enhanced security with existing policies
  • Reduced administrative overhead

Supported providers

Enterprise SSO

  • Google Workspace - OAuth 2.0 integration
  • Microsoft 365 - SAML 2.0 and OAuth 2.0
  • Okta - SAML 2.0 integration
  • Auth0 - SAML 2.0 integration
  • OneLogin - SAML 2.0 integration
  • Custom SAML - Any SAML 2.0 compliant provider

Social login

  • Google - OAuth 2.0
  • GitHub - OAuth 2.0
  • Microsoft - OAuth 2.0

Setup

Step 1: Choose your provider

Select the SSO provider that matches your organization's authentication system.

Step 2: Configure provider settings

Google Workspace

  1. Go to Google Cloud Console
  2. Create a new project or select existing
  3. Enable Google+ API
  4. Create OAuth 2.0 credentials
  5. Add authorized redirect URIs

Microsoft 365

  1. Go to Azure Portal
  2. Register new application
  3. Configure redirect URIs
  4. Set required permissions

SAML Provider

  1. Set up SAML application in your IdP
  2. Configure entity ID and ACS URL
  3. Download metadata or configure manually

Step 3: Configure in Saylo

  1. Go to your Saylo dashboard
  2. Navigate to SettingsAuthentication
  3. Click on Single Sign-On
  4. Select your SSO provider
  5. Enter configuration details
  6. Test the connection

Step 4: Configure user mapping

  1. Map provider attributes to Saylo user fields
  2. Set up automatic user provisioning
  3. Configure role assignments
  4. Test authentication flow

Configuration options

User provisioning

  • Automatic provisioning - Create accounts automatically
  • Just-in-time provisioning - Create accounts on first login
  • Manual approval - Require admin approval for new users

Attribute mapping

Map your provider's user attributes to Saylo user fields:

  • Email - Primary identifier
  • Name - Display name
  • Groups/Roles - Permission assignments
  • Custom attributes - Additional user data

Access control

  • Domain restrictions - Limit to specific email domains
  • Group-based access - Restrict to specific groups
  • Role assignments - Automatic role assignment based on groups

Security

Best practices

  • Use HTTPS for all connections
  • Regular certificate rotation
  • Monitor access logs
  • Implement MFA when possible
  • Regular security audits

Compliance

  • GDPR compliance for user data handling
  • SOC 2 compliance for security controls
  • HIPAA compliance for healthcare data
  • Enterprise security policies

Troubleshooting

Authentication failures

  • Check provider configuration in your IdP
  • Validate certificates are valid and not expired
  • Verify user attributes are correctly mapped
  • Review error logs for specific messages

User provisioning issues

  • Ensure required attributes are mapped
  • Confirm user email domains are allowed
  • Verify group membership and role mapping
  • Check user limits haven't been exceeded

Performance issues

  • Monitor IdP response times
  • Request only necessary attributes
  • Implement caching when possible
  • Ensure adequate infrastructure resources

Need help?

  • Check your IdP's documentation
  • Contact your identity provider support
  • Review Saylo authentication logs

Go to Dashboard

View All Integrations