Directo help

User Tools

Site Tools


en:single_sign_on_configuration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

en:single_sign_on_configuration [2026/05/06 14:44] – created ergoen:single_sign_on_configuration [2026/05/06 15:29] (current) ergo
Line 12: Line 12:
  
 Navigate to the SAML SSO configuration page in Directo. You will see a list of existing IdP configurations, or an empty list if none have been configured yet. Navigate to the SAML SSO configuration page in Directo. You will see a list of existing IdP configurations, or an empty list if none have been configured yet.
 +
 +From the main menu: Settings -> Common Settings -> SSO Saml Login settings. Or use the search feature.
  
 ===== Step 2: Create a New Configuration ===== ===== Step 2: Create a New Configuration =====
Line 18: Line 20:
   - You will be taken to the IdP configuration form.   - You will be taken to the IdP configuration form.
  
-{{<add_new_button_img_here>}}+{{:et:ergo20260506-150112.png}}
  
 ===== Step 3: Fill in the Button Title ===== ===== Step 3: Fill in the Button Title =====
  
 Enter a descriptive name in the **Button title** field. This is the label that will appear on the SSO login button on the Directo login page (e.g., "Login with Azure AD" or "Company SSO"). Enter a descriptive name in the **Button title** field. This is the label that will appear on the SSO login button on the Directo login page (e.g., "Login with Azure AD" or "Company SSO").
- 
-{{<button_title_field_img_here>}} 
  
 ===== Step 4: Configure the IdP Settings ===== ===== Step 4: Configure the IdP Settings =====
Line 32: Line 32:
 Enter the **Login URL** (also known as SSO URL or SAML Endpoint) from your Identity Provider. This is the endpoint where Directo sends SAML authentication requests. Enter the **Login URL** (also known as SSO URL or SAML Endpoint) from your Identity Provider. This is the endpoint where Directo sends SAML authentication requests.
  
-{{<login_url_field_img_here>}}+{{:et:ergo20260506-150907.png}}
  
 **Where to find it:** **Where to find it:**
Line 38: Line 38:
   * **Okta**: Applications → Your App → Sign On tab → Identity Provider Single Sign-On URL   * **Okta**: Applications → Your App → Sign On tab → Identity Provider Single Sign-On URL
   * **Google Workspace**: Admin Console → Apps → Web and mobile apps → Your App → SSO URL   * **Google Workspace**: Admin Console → Apps → Web and mobile apps → Your App → SSO URL
- 
-{{<idp_login_url_img_here>}} 
  
 ==== Logout URL (optional) ==== ==== Logout URL (optional) ====
  
 Enter the **Logout URL** (also known as SLO URL or Single Logout Endpoint). This enables single logout — when a user logs out of Directo, they are also logged out of the IdP session. Enter the **Logout URL** (also known as SLO URL or Single Logout Endpoint). This enables single logout — when a user logs out of Directo, they are also logged out of the IdP session.
- 
-{{<logout_url_field_img_here>}} 
  
 **Where to find it:** Look for "SLO URL", "Logout URL", or "Single Logout Endpoint" in the same section as the Login URL in your IdP. **Where to find it:** Look for "SLO URL", "Logout URL", or "Single Logout Endpoint" in the same section as the Login URL in your IdP.
- 
-{{<idp_logout_url_img_here>}} 
  
 ==== Metadata URL (required) ==== ==== Metadata URL (required) ====
  
 Enter the **Metadata URL** that points to your IdP's SAML metadata XML document. This URL contains the IdP's signing certificates, endpoints, and other configuration details. Enter the **Metadata URL** that points to your IdP's SAML metadata XML document. This URL contains the IdP's signing certificates, endpoints, and other configuration details.
- 
-{{<metadata_url_field_img_here>}} 
  
 **Where to find it:** **Where to find it:**
Line 62: Line 54:
   * **Google Workspace**: Admin Console → Apps → Web and mobile apps → Your App → Download metadata (use the URL, not the file)   * **Google Workspace**: Admin Console → Apps → Web and mobile apps → Your App → Download metadata (use the URL, not the file)
  
-{{<idp_federation_metadata_url_img_here>}}+{{:et:ergo20260506-150829.png}} 
 + 
 +(Azure SSO pictured above)
  
 ===== Step 5: Configure Name ID Mapping ===== ===== Step 5: Configure Name ID Mapping =====
Line 72: Line 66:
  
 Choose the option that matches how your IdP is configured to send the Name ID claim. Choose the option that matches how your IdP is configured to send the Name ID claim.
- 
-{{<name_id_mapping_field_img_here>}} 
  
 ===== Step 6: Save the Configuration ===== ===== Step 6: Save the Configuration =====
 +
 +{{:et:ergo20260506-150533.png}}
  
 Click **Save**. If you provided a Metadata URL, Directo will automatically import the IdP's signing certificates during the first save. Click **Save**. If you provided a Metadata URL, Directo will automatically import the IdP's signing certificates during the first save.
- 
-{{<save_button_img_here>}} 
  
 ===== Step 7: Manage Certificates ===== ===== Step 7: Manage Certificates =====
Line 85: Line 77:
 After saving, the **Trusted Certificates** section appears below the form. This section shows the signing certificates imported from your IdP's metadata. After saving, the **Trusted Certificates** section appears below the form. This section shows the signing certificates imported from your IdP's metadata.
  
-{{<certificates_section_img_here>}}+{{:et:ergo20260506-151935.png}}
  
 ==== Importing Certificates ==== ==== Importing Certificates ====
Line 91: Line 83:
   * Certificates are automatically imported from the Metadata URL on first save.   * Certificates are automatically imported from the Metadata URL on first save.
   * To manually import or re-import certificates, click **Import from Metadata URL**.   * To manually import or re-import certificates, click **Import from Metadata URL**.
- 
-{{<import_certificates_button_img_here>}} 
  
 ==== Certificate Rollover ==== ==== Certificate Rollover ====
Line 118: Line 108:
   - Click the button and verify that you are redirected to your IdP's login page.   - Click the button and verify that you are redirected to your IdP's login page.
  
-{{<login_page_sso_button_img_here>}}+{{:et:ergo20260506-152053.png}} 
 + 
 +{{:et:ergo20260506-152359.png}}
  
   - After authenticating with the IdP, you should be redirected back to Directo and logged in.   - After authenticating with the IdP, you should be redirected back to Directo and logged in.
Line 135: Line 127:
  
 :!: **Warning:** Deleting an IdP configuration will immediately prevent users from logging in via that SSO method. :!: **Warning:** Deleting an IdP configuration will immediately prevent users from logging in via that SSO method.
 +
 +:!: **Warning:** If you have enabled "Only configured SSO SAML methods can be used for authentication" and you delete all login methods you can lock yourself out of your application.
 +
 +{{:et:ergo20260506-152859.png}}
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
en/single_sign_on_configuration.txt · Last modified: 2026/05/06 15:29 by ergo
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki