Single Sign-on¶
Omnistrate allows configuring Single Sign-on (SSO) for your SaaS application. This feature enables end users to authenticate to your SaaS application using their existing identity provider credentials, such as Google or GitHub. This feature is an addition to the username/password authentication mechanism provided by default.
SSO uses the OAuth 2.0 protocol for authentication.
Supported Identity Providers¶
- GitHub OAuth
Once the SSO Identity Provider(s) are configured, users can login to your SaaS application using the buttons on the login page.
To get started with Google:¶
- Setup OAuth 2.0 for your Google application.
- Make sure to add SaaS domain URL to the list of Authorized Javascript origins.
- Make sure to add your SaaS domain URL
/idp-authendpoint to the list of Authorized redirect URIs. - Navigate to the Identity Providers section in Omnistrate.
- Create a new Identity Provider using the Client ID and Client Secret from step 1.
- Click verify to ensure that the Identity Provider credentials are correct.
Note
If your Google application is set to “Internal” user type, only users within your organization (@your-organization.com) will be able to authenticate with this Identity Provider. Omnistrate is not able to verify your Identity Provider credentials in this case.
If you have a use-case with "Internal" user type, please reach out to us at support@omnistrate.com.
To get started with GitHub OAuth:¶
- Setup an OAuth App in GitHub.
- Make sure to add your SaaS domain URL
/idp-authendpoint as the Authorization callback URL.
- Make sure to add your SaaS domain URL
- Navigate to the Identity Providers section in Omnistrate.
- Create a new Identity Provider using the Client ID and Client Secret from step 1.
- Click verify to ensure that the Identity Provider credentials are correct.
Note
GitHub Apps are not supported at this time, only OAuth Apps are supported.