Single Sign-On (SSO) Setup

This page guides you through setting up Single Sign-On (SSO) for your organization. SSO allows your users to sign in to the application using their existing credentials from your identity provider (IdP), such as Microsoft Azure AD, Okta, Google, or a SAML-based provider. This provides a more seamless and secure login experience.

Overview

The SSO setup process involves three main steps:

  1. Configuration: Provide your domain and configure the connection to your chosen identity provider.
  2. Verification: Verify the configuration by adding a redirect URI to your identity provider's settings.
  3. Completion: Once verified, SSO is active for your domain.

Configuration Step

Accessing the SSO Setup Page

To start the SSO setup, navigate to the SSO setup page, typically accessed through your organization's settings or administration panel.

Providing Your Domain

  1. Enter your organization's domain in the provided field. This domain will be used to identify users who can sign in via SSO. Important: SSO cannot be configured for public email domains (e.g., Gmail, Outlook, Yahoo). You must use your organization's domain.

Selecting an Identity Provider

Choose your identity provider from the available options:

  • Microsoft Azure AD: If your organization uses Microsoft Azure Active Directory.
  • Okta: If your organization uses Okta.
  • Google: If your organization uses Google Workspace.
  • SAML: If your organization uses a SAML-based identity provider. You'll also specify a SAML Metadata URL.

Depending on your selected provider, you'll need to provide specific credentials or configuration details. Common requirements include:

  • Client ID: The application ID registered in your identity provider.
  • Client Secret: A secret key for authenticating with your identity provider.
  • Tenant ID (Microsoft Azure AD): The ID of your Azure AD tenant.
  • Okta Domain (Okta): Your Okta domain URL.
  • SAML Metadata URL (SAML): URL pointing to your SAML provider's metadata.
  • Organization Name (Optional): The name of your organization for identification purposes.

Error Handling

If any required fields are missing or invalid, an error message will be displayed to guide you. Make sure to fill in all necessary information correctly.

Completing Configuration

Once you've filled in all the required information, click the "Set up SSO" button. The system will attempt to configure the SSO connection with your identity provider. If successful, you'll be redirected to the verification step.

Verification Step

Understanding the Verification Process

After the configuration step, you'll need to verify the setup by adding a specific redirect URI to your application's configuration within your identity provider. This redirect URI is essential for the SSO flow to function correctly.

Locating the Redirect URI

The redirect URI will be displayed on the verification page. It's usually in the format of https://your-application-domain/sso/callback.

Adding the Redirect URI to Your Identity Provider

Follow the instructions specific to your identity provider to add the redirect URI to your application's settings:

  • Microsoft Azure AD: Navigate to Azure Portal → App registrations → Your app → Authentication → Add this URL to "Redirect URIs".
  • Okta: Navigate to Okta Admin Console → Applications → Your app → General → Edit → Add this URL to "Sign-in redirect URIs".
  • Other Identity Providers: Consult your identity provider's documentation for instructions on adding redirect URIs.

Verifying and Activating SSO

Once you've added the redirect URI, click the "Verify & Activate" button. The system will verify the connection with your identity provider. If successful, SSO will be activated for your domain, and you'll be redirected to the completion step.

Completion Step

SSO is Active

After successful verification, SSO is active for your domain. Users with email addresses matching your domain will be able to sign in using their existing credentials from your identity provider.

Next Steps

  • Share the sign-in page: Inform your team members about the new SSO sign-in option.
  • Test SSO: Encourage users to test the SSO login with their organization accounts.
  • User Experience: Users can now enter their email on the sign-in page to see SSO options.

Troubleshooting

  • Incorrect Credentials: Double-check that you've entered the correct Client ID, Client Secret, Tenant ID (if applicable), and Okta Domain (if applicable).
  • Missing Redirect URI: Ensure that you've added the correct redirect URI to your identity provider's settings.
  • Public Email Domain: SSO can only be set up using your organization's domain. Public domains like gmail.com, outlook.com and yahoo.com are not allowed.
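
The checks in the list above can be run locally before clicking "Set up SSO" or "Verify & Activate". The following Python is an added example, not the application's own code: the field names, provider keys, per-provider required fields, the three-entry public-domain sample and the https requirement on the SAML metadata URL are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: the application's full list of public domains is not on this page.
PUBLIC_EMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

# Assumed mapping, derived from the "common requirements" list on this page.
REQUIRED_FIELDS = {
    "azure": ("client_id", "client_secret", "tenant_id"),
    "okta": ("client_id", "client_secret", "okta_domain"),
    "google": ("client_id", "client_secret"),
    "saml": ("saml_metadata_url",),
}


def check_sso_config(domain, provider, fields):
    """Return a list of problems with the configuration-step inputs."""
    problems = []
    domain = domain.strip().lower().rstrip(".")
    if domain in PUBLIC_EMAIL_DOMAINS:
        problems.append(f"{domain}: public email domain, use your organization's domain")
    elif "." not in domain or "@" in domain or "/" in domain:
        problems.append(f"{domain!r}: enter a bare domain such as example.com")
    if provider not in REQUIRED_FIELDS:
        return problems + [f"unknown provider {provider!r}"]
    for name in REQUIRED_FIELDS[provider]:
        value = fields.get(name, "")
        if not value.strip():
            problems.append(f"missing {name}")
        elif value != value.strip():
            # Pasted IDs and secrets often pick up stray whitespace.
            problems.append(f"{name} has leading or trailing whitespace")
    url = fields.get("saml_metadata_url", "").strip()
    if provider == "saml" and url and urlsplit(url).scheme != "https":
        # Assumed hardening rule: metadata carries the IdP signing certificate.
        problems.append("saml_metadata_url must be an https:// URL")
    return problems


def check_redirect_uri(displayed, registered):
    """Compare the URI shown on the verification page with the one entered at the IdP."""
    problems = []
    if urlsplit(registered).scheme != "https":
        problems.append("redirect URI must use https")
    if registered != displayed:
        # Redirect URIs are typically compared as exact strings, so a
        # trailing slash or a different scheme is enough to fail verification.
        problems.append(f"registered {registered!r} differs from displayed {displayed!r}")
    return problems
```

An empty list from both functions means none of the three troubleshooting causes above was detected in the inputs; it does not confirm that the Client ID or Client Secret values themselves are correct.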

If you encounter any issues during the SSO setup process, please contact support for assistance.