This guide is the third step for adding SSO to your Frontegg application. In this guide, you enable SSO for the Admin Portal so that users can access SSO settings from your application.

  1. Enable SAML or OpenID Connect in Login Box
  2. Configure SAML or OpenID Connect
  3. πŸ‘‰ Enable SSO for Admin Portal πŸ‘ˆ
  4. Configure customer identity provider

Enable SSO for Admin Portal

Go to Home ➜ Builder ➜ Collaboration.

Turn on SSO by toggling the SSO switch to on.

When toggled on, in the preview of the Admin Portal you should see the SSO option appear in the sidebar.

28802880

πŸ“˜

Commit any changes and publish them before moving on. Read about editing builder settings.


Roles and Permissions

Roles and permissions are critical for multiple SSO purposes. Learn how to use roles and permissions for:

  • Granting access to specific users for managing SSO configurations for customer accounts
  • Allowing customer accounts to use groups to roles mapping

Grant Access

Ensure that a user can access SSO in the Admin Portal by assigning them a role with SSO permissions. The only users who need access to SSO settings in the Admin Portal are those responsible for configuring and maintaining identity provider settings. We do not recommend granting SSO permissions to users who do not need it.

Read more about creating and using roles in the Frontegg Portal.

Group to Roles Mapping

When enabling SSO for the Admin Portal, consider the roles and permissions in your Frontegg Portal.

You want to make sure you have configured your roles for your customers before they set up SSO because customer accounts can map their IDP groups to the roles in your Frontegg Portal.

Mapping SAML IDP groups to roles in Frontegg results in each SAML group member being automatically assigned to the matching role to make securing your app easier than ever.

Next Step: Configure customer identity provider

After enabling SSO for the Admin Portal, make sure your customers configure their SSO identity provider in the Admin Portal.

  1. Enable OpenID Connect in Login Box
  2. Configure SAML and OpenID Connect
  3. Enable SSO for Admin Portal
  4. πŸ‘‰ Configure customer identity provider πŸ‘ˆ

Did this page help you?