SSO Module

Empower your customers to integrate with enterprise identity providers.

This guide shows how your customers can access the SSO settings in the Admin Portal and configure their identity provider.

The basic steps are:

STEP 1: Configure Login Box

Follow the guides for adding SSO in the Builder.

The guides explain how to enable SSO by turning on one or more SSO standards in the Builder.

The guides also explain how to configure each standard. You need to configure each standard that you enable in the Builder.

Here are links to the configuration guides.

STEP 2: Enable Collaboration

After enabling and configuring SSO for the Login Box, enable SSO on the Builder's Collaboration page.

Go to Home ➜ Builder ➜ Collaboration.

Turn on SSO by toggling the SSO switch to on.

When toggled on, in the preview of the Admin Portal you should see the SSO option appear in the sidebar.


Commit any changes and publish them before moving on. Read about editing builder settings.

STEP 3: Configure IDP

With SSO configured in the Builder for both the Login Box and Collaboration, your customers can configure their identity provider in the Admin Portal.


Customers need information from their IDP to complete this step. They need either the XML file or the SSO Endpoint and Public Certificate. See guides below for help finding that information for specific IDPs.

Your customer should go to the Admin Portal ➜ SSO.


To access the Admin Portal, review the Admin Portal introductory guide.


SSO Permissions

Ensure that a user can access SSO in the Admin Portal by assigning them a role with SSO permissions.

Click the add new button to configure an identity provider.

We recommend selecting automatic. It is the same as manual but less prone to implementation errors.

After selecting automatic, the customer needs to upload the XML file from their identity provider.


If the IDP does not offer an XML download, the customer may need to copy the XML data from the IDP and save it to an .xml file then upload that file to the Admin Portal.

If the customer selects manual, they need to enter the SSO Endpoint and Public Certificate from the identity provider.

For examples and explanations, follow the relevant configuration guide below for your SSO standard and identity provider.

STEP 4: Claim Domain

After configuring the identity provider, the customer needs to claim one or more domains.

The customer should claim a domain if users are using Frontegg to sign in to an application hosted on that domain.

The customer needs to copy the DNS record info into a new TXT record with their DNS provider.

Customers can configure multiple domains. This might be useful if you have multiple environments for development or multiple production applications on separate domains.


Control which users can configure SSO and therefore claim domains by configuring the Roles and Permissions.

STEP 5: Manage Authorization

Manage which users can log in using SSO based on their role and automatically IDP groups to Frontegg roles.

The customer can add default SSO roles from the existing list of roles.


Add and remove roles for customers to assign to users.

The customer can also map IDP groups to Frontegg roles to automatically assign Frontegg roles to users based on which IDP group the user belongs to.

If the customer maps groups to roles, then they should:

  • Enter a group name that corresponds to a group name with their IDP
  • Consider making that role a default SSO role if that groups should have SSO authorization

The customer has now configured SSO. They can manage the settings through the Admin Portal.

Be sure to toggle new connection on.

Did this page help you?