Adding SSO

Single Sign On allows users to sign in using credentials they already have.

This eliminates the need to create a new username and password just for your application.

Two popular SSO web standards are SAML and OpenID Connect. They manage and authenticate individual users across multiple applications.

This guide is the starting point for adding SSO to your Frontegg application so that users can sign in using their SAML or OpenID Connect credentials.

How To Add SSO

Follow the steps below to get SSO up and running for your customers and their users.

  1. Enable SSO
  2. Configure SSO
  3. Configure customer identity provider

STEP 1: Enable SSO

Enable SSO in the Frontegg Portal. The SSO options include SAML and OpenID Connect.

After enabling an SSO standard in the Builder, you need to configure it in your Frontegg environments.

Follow the guide below to enable SSO.

STEP 2: Configure SSO

After enabling one or more SSO options, configure them in your Frontegg environments.

Follow the guides below to configure SSO.

STEP 3: Configure Customer IDP

After enabling and configuring an SSO option, your customers need to configure their identity provider.

Follow the links below to assist customers with configuring their identity provider so that their users can sign in using SSO.

Why Add SSO

Single Sign On is good for businesses and customers.

SSO reduces the likelihood that credentials are lost or stolen, reduces the number of usernames and passwords users have to remember, and generally results in less time spent on username and password problems.

This results in fewer support requests related to authentication.

Plus, it eliminates the challenging responsibility of managing user identities in today's world where the number of integrations, user correlations, and permissions is increasing.

Despite its benefits, SSO is extremely challenging to implement from scratch. It requires a complex set of transactions between several entities that is difficult to get right.

Frontegg solves that problem by making SSO very simple to implement.

How Frontegg Handles SSO

Customers enable and configure their IDP and claim a domain by adding a DNS TXT record. Frontegg validates the domain for you.

When a user enters an email address on the login page, Frontegg cross-checks it against the claimed domains and redirects the user to the relevant IDP for login.

When the IDP returns to your API with a response, Frontegg logs in the user with the identity provided by the IDP and generates a JWT for authentication.
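
The domain claim and email routing described above, sketched in Python as an added example. It is not Frontegg's code: the `_sso-verify` record label, the token format, the class and function names and the IdP URL are all assumptions. DNS lookups are passed in as a callable so the sketch runs offline.

```python
import secrets

CHALLENGE_LABEL = "_sso-verify"  # hypothetical record label, not Frontegg's


def normalize_domain(domain):
    """Lowercase, drop the trailing dot and IDNA-encode so comparisons are exact."""
    return domain.strip().rstrip(".").lower().encode("idna").decode("ascii")


class DomainClaims:
    def __init__(self, resolve_txt):
        self.resolve_txt = resolve_txt  # callable(name) -> list of TXT strings
        self.pending = {}               # domain -> (idp_url, token)
        self.verified = {}              # domain -> idp_url

    def start_claim(self, domain, idp_url):
        """Issue the random token the customer publishes as a TXT record."""
        token = secrets.token_urlsafe(24)
        self.pending[normalize_domain(domain)] = (idp_url, token)
        return token

    def verify(self, domain):
        """Promote a claim only if the TXT record carries the issued token."""
        domain = normalize_domain(domain)
        if domain not in self.pending:
            return False
        idp_url, token = self.pending[domain]
        if token in self.resolve_txt(f"{CHALLENGE_LABEL}.{domain}"):
            self.verified[domain] = idp_url
            del self.pending[domain]
            return True
        return False

    def idp_for_email(self, email):
        """Return the IdP URL for a verified domain, or None for password login."""
        local, sep, domain = email.strip().rpartition("@")
        if not sep or not local or not domain:
            return None
        try:
            # Exact match only: look-alike domains and subdomains are never routed.
            return self.verified.get(normalize_domain(domain))
        except UnicodeError:
            return None
```

Routing uses only verified claims and an exact domain match, so an unverified claim, a subdomain, or a look-alike such as `evil-acme.com` falls back to the normal login path instead of being sent to another tenant's IdP.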

