Single Sign-On centralises authentication: your employees log into Illizeo with their Microsoft, Google, Okta or OneLogin credentials. Fewer passwords to manage, stronger security.
Supported standards #
| Standard | Use case | Compatibility |
|---|---|---|
| SAML 2.0 | Enterprises with Okta, Azure AD, OneLogin | 100% of major IdPs |
| OpenID Connect | Modern apps, Google Workspace | Google, Microsoft, Okta |
| SCIM 2.0 | Auto user provisioning | Okta, Azure AD, OneLogin |
| OAuth 2.0 | API and third-party apps | All major providers |
Step-by-step #
-
Pick the IdP #
Microsoft Azure AD, Google Workspace, Okta, OneLogin, JumpCloud. Guided setup for the main ones.
-
Configure on the IdP side #
Create an Illizeo application, copy the metadata (Entity ID, ACS URL, certificate).
-
Configure on the Illizeo side #
Security → SSO → Enable. Paste IdP metadata. Map email + name + department.
-
Test with a pilot account #
Run an SSO login for a test account. Verify attribute mapping.
-
Enforce or leave choice #
SSO mandatory (recommended) or in parallel with local password.
FAQ #
SSO mandatory or optional?
SSO Required mode recommended. Keep a break-glass admin account with local password for emergencies.
What about auto-provisioning?
SCIM 2.0 creates and disables Illizeo accounts automatically when the IdP changes them.
What if the IdP is down?
Break-glass account usable. Prevents lock-outs.
Multi-tenant and SSO?
Each tenant has its own IdP. Global groups can federate multiple tenants.
