How to Integrate Single-Sign-On (SSO)

Single Sign-On (SSO) is an authentication method that allows users to securely authenticate with multiple applications and websites, including StrongDM. StrongDM customers often leverage SSO to make infrastructure access as simple as accessing any other business application.

SSO Basics

SSO can be implemented with StrongDM using either OIDC or SAML.

• The Difference Between SAML vs. OIDC
• General SSO Guide

Do you plan to use SSO?

• Yes, with OIDC: Explore our documentation for OIDC SSO:

  • SSO With ADFS
  • SSO With Auth0
  • SSO With Azure AD
  • SSO With Keycloak
  • SSO With Okta
  • SSO With SAML
  • SSO With VMware Workspace ONE
  • SSO With OneLogin (OIDC)

• Yes, with SAML: Explore our documentation for SAML SSO:

  • SSO With Ping Identity (SAML)
  • SSO With OneLogin (SAML)

• Yes, with OAuth:

  • SSO With Google

• No: If you don’t plan to implement SSO, your users will be managed by StrongDM through the Admin UI:

  • Manage Users
  • Set Up Multi-Factor Authentication (MFA) with Duo
  • Set Up Password Requirements

Provisioning with SCIM

SSO provides the base functionality where your users can authenticate to StrongDM using their organization-wide credentials. SCIM (System for Cross-Domain Identity Management) takes this a step further by automating identity and access provisioning.

In other words, with SSO only, an administrator must still manually manage the roles and permissions of each user within the context of StrongDM. By implementing SCIM, an organization can automatically create, update, and deprovision users and their roles within StrongDM based on their status within the organization. SCIM groups will map to roles within StrongDM.

• Webinar: How to prepare for a SCIM integration with your SSO
• Azure User & Group Provisioning
• JumpCloud User & Group Provisioning
  • SCIM with alternate methods, including Google
  • SCIM SDK
• Okta User & Group Provisioning
• OneLogin User & Group Provisioning
• StrongDM SCIM API Specification