Creating an SSO integration

Oomnitza integrates with SSO solutions to simplify access to the platform, and help better track and monitor permissions across your organization.

The following integrations are supported:

• GSuite
• Azure Active Directory
• Okta
• OneLogin
• SAML
• Ping Identity

SSO

Create an SSO integration in Oomnitza to enable you to authenticate via your chosen provider, such as Google or Okta, through the web UI.

You'll have three configurable options when creating an SSO integration:

Just-in-time (JIT) provisioning

Select this option if you want to support JIT provisioning. JIT provisioning automatically creates a user account the first-time users try to log in to applications. Alternatively, you will need to manually create a user account for each new user in Oomnitza. 

When you select JIT provisioning, you must provide values for the following fields:

Default role

The Default Role that the newly imported or JIT provisioned users will be assigned at the time their account is created. 

Name identifier

The name identifier is used to identify the imported or JIT-provisioned user. 

SSO only

Select this option if you wish to prevent standard authentication to Oomnitza. This option will remove the username and password option and require that users log in only via SSO. We suggest that you do not select this option until you have tested the SSO feature and verified it works correctly. When this setting is turned on, your login screen will look like this (with a different icon depending on the SSO provider):

Enable multifactor authentication

Select this option to add a layer of protection to the sign-in process. When accessing Oomnitza, the user will need to provide additional identity verification, such as entering a code received by phone.

Related Links

Creating an SSO integration for Azure users

Setting up SAML 2.0 Single Sign On

Creating an SSO integration for G Suite users

Creating an SSO integration for Okta

Global SAML settings