Skip to main content
Version: 0.20.6

SSO with AskUI

Welcome to the Single Sign-On (SSO) setup guide. This document will guide you through obtaining the necessary credentials from your Identity Provider (IdP) and coordinating with our staff to ensure a smooth and secure integration for a variety of supported SSO providers.

Prerequisites

Before you begin, ensure you have administrative access to your organization’s IdP service and that your enterprise account with us is eligible for SSO integration.

Note: If you do not have an Enterprise account and are interested in this feature, please contact our sales team for more information on upgrading your account. Book a call

Supported Identity Providers

Our platform supports SSO integration with a wide range of identity providers including, but not limited to:

  • Active Directory/LDAP
  • ADFS
  • Azure Active Directory Native
  • Google Workspace
  • OpenID Connect
  • Okta
  • PingFederate
  • SAML
  • Azure Active Directory

For More Information: To learn more about the identity providers supported for SSO integration, please visit Auth0 Enterprise Identity Providers documentation. This resource provides detailed information on each provider and guidance on integration specifics.

Step 1: Determining Your SSO Protocol

Identify the SSO protocol or federated identity provider your organization uses from the list of supported providers above.

Step 2: Gathering Necessary Data from Your Identity Provider

To set up SSO, you will need to provide our team with specific information from your IdP. Here is what you will typically need from each provider:

Common Data Required Across All Providers

  • Domain Name: Your organization's domain associated with the IdP.
  • Client ID: The unique identifier for your application registered with the IdP.
  • Client Secret: A secret key used by your application to authenticate with the IdP.

Provider-Specific Data

Active Directory/LDAP

  • Server URL: The LDAP server URL.
  • Bind DN: The distinguished name to bind to the LDAP server.
  • Bind Credentials: The password or other credentials required to bind to the LDAP server.

ADFS

  • Federation Metadata URL: The URL where the federation metadata is published.
  • Relying Party Trust Identifier: The identifier for your service configured in ADFS.

Azure Active Directory Native

  • Tenant ID: The unique identifier of your Azure AD tenant.
  • Redirect URI: The URI where the IdP sends the authentication response.

Google Workspace

  • Service Account Email: The service account email used for Google Workspace integration.
  • Service Account Key: The private key associated with the service account.

OpenID Connect

  • Issuer URL: The URL of your IdP to verify the issuer of the token.
  • Scopes: The scopes of access you are requesting.

Okta

  • Okta Domain: Your Okta account domain.
  • API Token: A token to authenticate API requests.

PingFederate

  • PingFederate Server URL: The URL to your PingFederate server.
  • Partner's Entity ID: The entity ID of your partner configuration in PingFederate.

SAML

  • SAML SSO URL: The endpoint URL for SAML Single Sign-On.
  • X.509 Certificate: The certificate to sign SAML requests.

Azure Active Directory

  • Azure AD Identifier: The unique identifier for your Azure AD directory.
  • Reply URL (Assertion Consumer Service URL): The URL to which the SAML assertion is sent.

Note: This list is not exhaustive, and additional information may be required by your IdP. Ensure all sensitive information is shared securely and refer to the latest documentation provided by the IdP for detailed requirements.

Step 3: Requesting Data

Request the required data from your IdP. If possible, also request a test user to facilitate the setup and testing processes.

Step 4: Setting Up the Connection

To set up Single Sign-On (SSO) for your account, reach out to our dedicated support team. They will take care of the entire SSO configuration process tailored to your selected Identity Provider (IdP). Our team is committed to ensuring a seamless and secure connection. Please contact us at:

  • Email: support@askui.com

Step 5: Testing the Integration

After configuring SSO, test the login and sign up process with a user account from your domain to verify that the integration works as expected.

Support and Troubleshooting

For any questions or assistance, our support team is ready to help. Reach out with any concerns or if you require troubleshooting assistance.