Integrate enterprise SSO in 5 mins: supporting SAML and OIDC

Logto has released Enterprise SSO, supporting easy integration with any IdP using SAML or OIDC, complemented by a step-by-step guide and ready-to-use authentication flows.
RanProduct & Design
December 06, 20234 min read
Integrate enterprise SSO in 5 mins: supporting SAML and OIDC

Did you know? Over 64% of large companies utilize single sign-on (SSO) for their identity management. With businesses constantly seeking efficient solutions, it's crucial to stay ahead. That's why we're thrilled to introduce Logto's new Enterprise SSO feature, a versatile tool supporting both SAML and OIDC connections. This solution offers an effortless setup and an intuitive user experience. We're eager for your thoughts and an upvote on Product Hunt!

Why SSO matters for your business

SSO simplifies the login process, enabling users to access multiple services with just one set of credentials. This not only centralizes user management but also enhances security and reduces IT costs. It's particularly vital for:

  • B2B services: operate in a multi-tenancy environment, often using varied identity providers.
  • B2E services: need streamlined employee identity management.

What you need is the SP-Initiated SSO

Your service, as the Service Provider (SP), must offer SP-Initiated SSO to meet enterprise-level demands. This process starts when a user accesses a service (SP) and is redirected to their Identity Provider (IdP) for authentication. Post authentication, the user gains access to the SP, ensuring a secure and efficient login process.

SSO flow

For successful SP-Initiated SSO implementation, your service must consider these aspects:

  1. Connection: Establish a robust SSO connection between your SP and various IdPs, regardless of Okta, Google Workspace, OneLogin, or Ping… Don’t worry about the differences, SAML or OIDC protocol helps the standard connection.
  2. User Experience: Seamlessly integrate SSO with existing auth flows, using enterprise email domains to identify and redirect SSO-enabled users.
  3. Management: Ensure smooth management of enterprise identities, with features like auto-registration and existing account binding.

Logto's solution significantly reduces the time and effort needed to develop these capabilities, providing a comprehensive, secure SSO solution right out of the box.

Discover Logto SSO capabilities

Why not explore Logto SSO's features yourself? Start for free in our developer environment, where configuration is straightforward and developer-friendly.

Effortless SAML and OIDC Integration

  • Standard protocols: Connect with any identity provider using SAML (XML-based framework, ideal for web apps, widely used in enterprises.) or OIDC ( JSON-based, modern and easy to integrate, great for web and mobile apps).
  • Simplified configuration: Enjoy easy setup with step-by-step guides for each connection type. And pre-filled value for built-in connectors, including Okta, Google Workspace, and Microsoft Entra ID (Azure AD) which will continue to add new ones.
  • Flexibility and reliability: Configure using Metadata URL, XML file, or manual entry, ensuring compatibility with various provider requirements. Metadata URL is the simplest because Logto will fetch the metadata details from the URL automatically and auto-update the certificate to the newest.
SSO connector configure

Customizable SSO experience

  • Domain-based redirection: Easily direct users to the appropriate IdPs by defining their enterprise email domains. Logto's SSO solution adapts to your growing organizational needs:
    • Link multiple email domains to a single SSO connector.
    • Assign one email domain to various SSO connectors, enabling users to choose their preferred IdP upon entering their enterprise email.
  • Personalized interface: Personalize your SSO connector with unique display names and logos. This feature enhances user recognition during one email domain mapping to various SSO connectors. It's optional; if not used, defaults are applied.
Customize SSO experience

Out-of-the-box authentication flows

  1. Effortless integration: Activate enterprise SSO within the “Sign-in experience” settings. Choose to fully enable all SSO configurations or simply display the SSO button, signaling to clients that single sign-on is ready for use.
  2. Unified sign-in process: Logto's SSO experience integrates smoothly with your existing login setup. SSO activates automatically for users signing in with an SSO-enabled enterprise email, ensuring a cohesive and secure authentication journey. Learn more
experience configure

Logto's comprehensive SSO solution empowers your business to efficiently cater to enterprise needs, reducing development costs and enabling your team to focus on innovation.

Integrate SSO in 5 mins

For an in-depth understanding, explore our detailed documentation or watch our quick guide video on setting up an SSO connector for Microsoft Entra ID (Azure AD) with SAML, and enabling SSO for user experience in just 5 minutes!