Opti ID lets you configure up to five single sign-on (SSO) connections for your organization. When you configure multiple SSO connections, each one can use a different authentication protocol and identity provider (IdP):
- Available authentication protocols – Security Assertion Markup Language (SAML) and OpenID Connect (OIDC)
- Available identity providers – Entra ID, Okta, PingOne
For each SSO connection, you can also:
- Associate the SSO connection with a Domain Name System (DNS) domain to automatically provision new users in your organization.
- Sync groups from your SSO provider (Entra ID, Okta, PingOne) to automatically add users to existing groups within Opti ID when they sign in.
- Add external collaborators who are not part of your SSO organization to collaborate on projects.
- Enable IdP-initiated login (Entra ID or Okta), which lets users who are already logged in with your organization's SSO provider navigate to Opti ID without the need to log in again.
Whether you configure one SSO connection or five, configuring SSO forces all your users to log in using SSO.
Add SSO connections
See the following documentation to configure an SSO connection using SAML or OIDC with your preferred IdP. You can repeat the steps in each article to create up to five additional SSO connections.
- Configure SAML SSO with Entra ID
- Configure SAML SSO with Okta
- Configure SAML SSO with PingOne
- Configure OIDC SSO with Entra ID
- Configure OIDC SSO with Okta
- Configure OIDC SSO with PingOne
As described in those articles, you must enter a name for each SSO connection that will display to users when they log in. This name helps users select the correct SSO connection for their login. All of your configured SSO connections display on the Opti ID login page for all of your organization's users; each user must select the SSO connection that applies to them.
The image below shows how the login page displays to users if your organization has two SSO connections configured: one named acme.com and the other named gov.acme.com.
Use cases
The following are some use cases for configuring multiple SSO connections.
Users are segmented across domains and SSO logins
For example, customer Acme (acme.com) has a sub-company (gov.acme.com) that deals with sensitive government contracts, and those users need to log in with higher security measures. To enable this, you can set up two separate SSO connections: one to handle the general acme.com users and one to handle the gov.acme.com users.
You need to make changes to your existing SSO connection
If you updated your organization's SSO configuration or created an SSO connection with an error, it is a good idea to create a new SSO connection in Opti ID first with the updated information before removing the old connection. This prevents users from converting to local login and receiving activation emails from Opti ID.