SSO Config

After configuring SSO, enterprise users can log into their personal pages directly through internal domain authentication without remembering separate account passwords.

How to Access

In the tenant admin panel, navigate to "Settings → SSO Config" to enter the SSO configuration page. This page is only accessible to users with the Tenant Admin role.

Prerequisites

Before configuring SSO, you need administrative access to your enterprise identity provider (IdP) and its metadata information. Currently only ADFS (Active Directory Federation Services) is supported as the identity provider.

Configuration Fields

Enable SSO

When enabled, users can log in directly through the enterprise identity provider. Disabling SSO requires a confirmation dialog.

Identity Provider Type

Select the enterprise identity provider type. Currently only ADFS is supported; more providers will be added in future releases.

Metadata Configuration Method

Two methods are supported for IdP metadata: entering the IdP metadata URL (system fetches metadata automatically) or uploading an XML metadata file exported from ADFS. Choose one method.

Configuration Steps

  1. Navigate to "Settings → SSO Config" page
  2. Enable the "Enable SSO" toggle and select the identity provider type (currently only ADFS)
  3. Choose the metadata configuration method: IdP metadata URL or upload XML metadata file
  4. Configure the "Callback URL (ACS URL)" and "Service Provider Entity ID" in your ADFS relying party trust
  5. If needed, download the SP signing certificate and upload it to the ADFS signing tab

Notes

  • Once saved, SSO configuration cannot be modified directly. Click the "Reconfigure" button to enter edit mode
  • Disabling SSO requires secondary confirmation. After disabling, users will not be able to log in via SSO
  • After regenerating the SP signing certificate, the ADFS side must also update the certificate, otherwise SSO login will fail