Set up Single Sign-On (SSO)

overview this guide explains how to configure saml 2 0 single sign on (sso) for odin sso allows your users to authenticate through your organization’s identity provider (idp), improving security and simplifying login management who can configure sso sso setup can be performed by users with one of the following roles admin – has full administrative access it admin – a special role created for it teams or consultants who need to configure sso but do not require full access about it admin purpose it admins are meant solely for sso configuration access they can only access the sso setup page within odin billing it admins do not count toward your organization’s seat count limitations it admins cannot access any other parts of the application view, create, or modify other user accounts use the product beyond sso configuration prerequisites before starting, ensure you have an admin or it admin account in odin administrator access to your idp (e g , okta, azure ad, google workspace, ping, onelogin) one of the following idp metadata xml file (recommended) or, for manual entry sso url (single sign on url / login url) entity id / issuer x 509 signing certificate (required) must be explicitly uploaded supported formats pem, crt, or base64 encoded x 509 must match the certificate your idp uses to sign saml assertions if multiple signing certificates are available (for rollover), choose the one currently in use configure sso step 1 enable sso log in to odin as an admin or it admin navigate to account settings > organization settings toggle enable sso for all members (this will require all users except admins and it admins to sign in with sso) review the confirmation modal carefully password based login will be disabled for standard users admins and it admins will always be able to log in using both password and sso — you cannot lock yourself out make sure you have idp credentials and a test user account ready click enable sso to proceed to configuration step 2 review “our config” you’ll now see the our config section of the sso configuration wizard this page shows the service provider (sp) information you can configure your idp using either of these approaches option 1 (recommended) use the sp metadata xml copy the xml provided and paste it into your idp’s saml configuration most idps can import this xml to automatically configure acs url, entity id, and nameid format option 2 manually copy each field sso url (acs url) – paste this into your idp’s assertion consumer service url field issuer (sp entity id) – paste this into your idp’s entity id or audience field once your idp is configured, click next to continue step 3 complete “your config” in the your config section, you’ll provide your idp details back to odin enter idp metadata or manual values option 1 (recommended) paste your idp metadata xml into the field option 2 enter your sso url and issuer manually upload signing certificate (required) drag & drop your pem , crt or cer file into the certificate area, or click browse files wait until you see the green checkmark confirming the upload enable sso after a successful test, click enable sso to activate sso for your organization step 4 verify and roll out log out and log back in using sso to ensure the flow works end to end notify your team of the new login process step 5 certificate maintenance (recommended) only one signing certificate can be active at a time if your idp rotates keys, update the certificate in account settings > organization > change sso configuration page before the old one expires keep at least one admin or it admin credential with password login as a fallback in case of idp issues support if you need assistance email support\@getfocus eu live chat available in odin