Overview of supported Single Sign-On (SSO) identity providers (IdP)
Who is this article for?
IT Adminstrators enabling Single Sign-On for their organisation.
No special access or permissions are required.
Both the desktop application and WebUI support Single Sign-On (SSO) via the SAML 2.0 protocol. Any Identity Provider (IdP) that speaks SAML 2.0 is compatible, regardless of brand or vendor.
This article provides a bit more detail on the topic.
1. Identity Provider (IdP)
An Identity Provider (IdP) is the system your organisation uses to manage user identities and authenticate users for SSO. Common examples include:
- Microsoft Entra ID (formerly Azure AD)
- Okta
- Shibboleth
- ADFS (Active Directory Federation Services)
- PingFederate
There are many others. The specific brand (or product version) does not matter to us (with one exception, see below).
2. Compatibility
Our product implements the SAML 2.0 standard (Security Assertion Markup Language, version 2). SAML 2.0 is an open, widely adopted industry standard, so any IdP that supports it will work with our product.
The only question to ask is, "Does the your IdP support SAML 2.0?"
If yes, it's compatible.
We do interface with LDAP, but in a limited capacity. LDAP can be used only to import user details (such as names and email addresses) into the product. It is not used for authentication.
Note
LDAP integration is available for on-premises deployments only and is not available to cloud-hosted customers.
3. Exceptions
3.1. ForgeRock
Customers using newer versions of ForgeRock might find that the SSO dialog does not appear. This is due to a compatibility issue between the embedded JavaScript used in the SSO login page and our application.