Single Sign-On (SSO)
Trust Protection Foundation supports delegated authentication, allowing you to pass the responsibility of verifying user credentials to an external, central identity provider. This section covers all aspects of configuring and troubleshooting Single Sign-On (SSO) integrations.
Understanding Delegated Authentication
Before configuring SSO, it's important to understand how delegated authentication works in Trust Protection Foundation and how it differs from identity provisioning. Authentication is configured on a per-connector basis, giving you flexibility to mix authentication methods across different user populations.
Learn more in About delegated authentication.
Configuring SSO for Identity Connectors
You can configure any identity connector to use OpenID Connect (OIDC) or SAML for authentication. This allows users to authenticate through your central identity provider rather than entering local passwords.
See Configuring single sign-on for an identity connector for step-by-step instructions for both OIDC and SAML configurations.
Customizing the Login Experience
Enhance the user experience by adding SSO shortcut buttons to the login screen or by configuring seamless SSO that bypasses the local login screen entirely.
- See Configuring SSO login buttons to add provider-specific buttons to the login screen.
- See Configuring seamless SSO for Identity Provider-initiated login flows and Integrated Windows Authentication.
Advanced Configuration and Troubleshooting
For environments using synchronous Active Directory or LDAP connectors with delegated authentication, you may need to customize search expressions to ensure proper user lookup.
- See Configuring search expressions for delegated authentication (AD/LDAP only) for AD and LDAP search expression customization.
- See SAML Troubleshooting Tips for diagnostic tools and solutions to common SAML integration issues.