This topic describes how to configure single sign-on (SSO) in Identity as a Service (IDaaS).
You must complete this configuration before users can sign on to the application through IDaaS.
This topic describes the following SSO configuration items that are common to all applications:
SSO status
Application account
Authorized scope
For more information about the configuration steps, see the documentation for different application templates.
| Application template type | Protocol | References |
| --- | --- | --- |
| Pre-integrated templates in the application marketplace | SAML 2.0 | |
| Standard protocol - Security Assertion Markup Language (SAML) | SAML 2.0 | |
| Standard protocol - OpenID Connect (OIDC) | OIDC | |
| Self-developed applications | OIDC | |
SSO status
After you activate an application, all of its features are initially disabled. To simplify configuration, the SSO status is automatically set to Enabled; you must click Save for the change to take effect.
Applications for which the SSO feature is disabled are not displayed in the user portal.
Application account
An application account is the unique identifier of a user in the application. When a user sends an SSO request to an application, IDaaS passes the application account to the application, and the application signs that account in to complete the SSO flow.
If accounts already exist in the application, check whether they are mapped to the accounts in IDaaS. If they are not, either perform batch synchronization for users or create the accounts in the application in advance.
For SAML-based applications, you can configure application account rules in the applications. For more information, see Configure accounts for a SAML-based application.
For OIDC-based applications or self-developed applications, IDaaS passes the relevant values in the id_token. For more information, see Enter OIDC id_token extended values.
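The following is an added example (not code from IDaaS or this documentation) of what the application side of the account mapping above looks like for an OIDC-based application: the application verifies the id_token it receives, reads the application account from an extended claim, and looks that account up in its own account table, refusing the sign-on if the account was never provisioned. The issuer, audience, claim name (`app_account`), HMAC secret and the account table are all constructed placeholders; a real deployment would verify the token against the identity provider's published signing key rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values. A real tenant has its own issuer URL, client ID
# and published signing key; these exist only so the example runs offline.
DEMO_SECRET = b"constructed-demo-secret-not-for-production"
EXPECTED_ISSUER = "https://idaas.example.invalid"   # placeholder issuer
EXPECTED_AUDIENCE = "demo-app-client-id"             # placeholder client ID
ACCOUNT_CLAIM = "app_account"  # assumed name of the extended id_token claim

# Constructed application-side account table: application account -> local user ID.
# This is the "accounts that exist in the application" the text refers to.
APP_ACCOUNTS = {"alice.idaas": "u-1001", "bob.idaas": "u-1002"}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Build an HS256-signed JWT that stands in for the id_token IDaaS issues."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_id_token(token: str, secret: bytes = DEMO_SECRET, now=None) -> dict:
    """Check signature, algorithm, issuer, audience and expiry; return the claims."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the expected algorithm instead of trusting whatever the token declares.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def resolve_local_user(token: str, now=None):
    """Map the application account carried in a verified id_token to a local user.

    Returns the local user ID, or None when the account is not provisioned in the
    application (the case the text says to fix by synchronizing or creating
    accounts in advance). Failing closed here avoids silently auto-creating users.
    """
    claims = verify_id_token(token, now=now)
    account = claims.get(ACCOUNT_CLAIM)
    if not account:
        return None
    return APP_ACCOUNTS.get(account)


if __name__ == "__main__":
    token = make_id_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                           "exp": int(time.time()) + 300, "sub": "1",
                           ACCOUNT_CLAIM: "alice.idaas"})
    print(resolve_local_user(token))
```

The mapping lookup deliberately returns None rather than creating a user on the fly: an unmapped application account is a provisioning gap to be fixed through synchronization, not something the login path should paper over.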
Authorized scope
You can select one of the following options to specify the users who can access the application.
| Option | Description |
| --- | --- |
| All Users | All accounts in IDaaS can access the application without additional authorization. |
| Manually | You must specify the organizations and accounts that can access the application on the Authorize tab of the application. For more information, see Application authorization. |