Single sign-on
Overview
Single Sign-On (SSO) is a mechanism by which you delegate login to an identity provider (IdP). The identity provider decides what security checks to perform, for example requiring two-factor authentication. Another benefit is that employees can use the same password for many services.
For Microsoft Entra ID and Google Workspace we have ready-made integrations, but any identity provider that supports the OpenID Connect protocol (OIDC) is supported.
Activate a ready-made integration
Go to Settings -> Single sign-on.
Press the Create button.
Choose your identity provider.
Click the Begin external steps link, which will guide you through the setup.
Choose the enforcement level.
If you are using Microsoft Entra ID you must enter your tenant ID.
If you are using Google Workspace, your domain must also be verified. Ask us for help.
To activate Single Sign-on, you will need to be an Admin in Skovik and a Global Admin (Microsoft Entra ID) or Administrator (Google Workspace) in your IdP.
Manual setup
For IdPs where we don't have a ready-made integration, you can still set up OIDC manually, which should take little more than half an hour.
The following values are configured in Skovik for a manual setup:
issuer
token_endpoint
authentication_endpoint
client_id
client_secret (must be protected; treat it like a password)
The following redirect URIs must be whitelisted by the IdP:
https://skovik.com/dz/login/oidc
https://skovik.com/dz/login/oidc/native
Advanced topics
This section contains advanced details; the basics above are sufficient for most integrations.
Information for certain advanced cases:
We use the Authorization Code Flow (response_type=code).
The user's email is provided as login_hint with the initial request, unless login hints are disabled.
The scopes openid and email are requested.
The email claim must match a known employee in the Skovik system (or an alternative claim key can be specified). Most authentication providers include the email claim by default, so typically no adjustment is required.
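The following is an added example, not Skovik's own code: a check an IdP administrator can run against a captured authorization request to confirm it has the shape described above, plus the email claim lookup. The IdP URL, client ID, employee addresses and the case-insensitive comparison are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Redirect URIs listed on this page; the IdP should allow exactly these.
ALLOWED_REDIRECT_URIS = {
    "https://skovik.com/dz/login/oidc",
    "https://skovik.com/dz/login/oidc/native",
}
REQUIRED_SCOPES = {"openid", "email"}

# Constructed sample request (hypothetical IdP host and client_id).
SAMPLE_REQUEST = (
    "https://idp.example/authorize?response_type=code"
    "&client_id=example-client"
    "&redirect_uri=https%3A%2F%2Fskovik.com%2Fdz%2Flogin%2Foidc"
    "&scope=openid+email&login_hint=anna%40example.com"
)


def check_authorization_request(url: str) -> list[str]:
    """Return the problems found in an authorization request URL (empty = OK)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    # Duplicated parameters are rejected rather than guessing which one wins.
    for name in ("response_type", "client_id", "redirect_uri", "scope"):
        if len(params.get(name, [])) != 1:
            problems.append(f"{name} must appear exactly once")
    if problems:
        return problems
    if params["response_type"][0] != "code":
        problems.append("response_type is not 'code'")
    # Exact string match: no prefix, wildcard or trailing-slash tolerance.
    if params["redirect_uri"][0] not in ALLOWED_REDIRECT_URIS:
        problems.append("redirect_uri is not on the allow-list")
    missing = REQUIRED_SCOPES - set(params["scope"][0].split())
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    return problems


def match_employee(claims: dict, employees: set[str], claim_key: str = "email"):
    """Map claims from an already validated ID token to a known employee.

    claim_key stands in for the alternative claim key mentioned above.
    Lower-casing before comparison is an assumption of this example.
    """
    value = claims.get(claim_key)
    if not isinstance(value, str):
        return None
    normalized = value.strip().lower()
    return normalized if normalized in employees else None
```

login_hint is optional in this check because it is omitted when login hints are disabled.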
Protocol details