Comment: Scroll Documents: Update page title prefix

Single Sign-On (SSO) is an authentication method that can be used via a cloud-based identity provider (IdP) to access the local device and apps. This article describes the options used for configuring SSO in IGEL OS.

Info
See (12.4-de_orig) How to Configure Single Sign-On (SSO) on IGEL OS 12 for a detailed description of the entire SSO configuration process.

...

Menu path: Security > Logon > Single Sign-On




Single Sign-On with identity provider

...

Info

To have a fallback option if something goes wrong with SSO, e.g. a network failure, it is recommended to additionally configure local login under Security > Logon > Local User. For more information, see (12.4-de_orig) Local User.

SSO is not used. (Default)

...

  • Azure AD: Use Microsoft Entra ID as IdP
  • Okta
  • OpenID Connect
  • Ping Identity | PingOne
  • VMware Workspace ONE Access

Identity Provider Is Set to "Azure AD"

Azure AD Tenant Name/ID

The value you have obtained as Directory (tenant) ID in the Microsoft Entra ID Portal.

...

Info
If the login method is configured and the Allow system logoff option is enabled under System > Power Options > Shutdown, the user can log off the device through the shutdown menu. For information on how to access the shutdown menu, see (12.4-de_orig) Commands. For information on how to configure the shutdown menu, see (12.4-de_orig) Shutdown.

Identity Provider Is Set to "Okta"

Okta URL

The URL of the Okta identity provider.

...

This is a value created by the identity provider. The value can be copied from the Identity Provider Admin Console.

Identity Provider Is Set to "OpenID Connect"

This option can be used for various identity providers that support OpenID Connect.

...

The client secret that has been created by your identity provider.

Identity Provider Is Set to "Ping Identity | PingOne"


PingOne issuer URL

The URL at the Ping Identity / PingOne site where the OpenID configuration document for your application can be found. This is the part of the path that precedes /.well-known/openid-configuration
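The following is an added example, not code from IGEL or Ping Identity: a check an administrator could run before entering the issuer URL. It derives the issuer from a discovery URL by removing the /.well-known/openid-configuration suffix and compares it with the `issuer` field of the discovery document, which OpenID Connect Discovery requires to match. The host name, tenant path and sample document are constructed.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample input: a hypothetical tenant and a trimmed discovery document.
SAMPLE_DISCOVERY_URL = "https://idp.example.com/tenant-1234/as" + WELL_KNOWN
SAMPLE_DISCOVERY_DOC = json.dumps({
    "issuer": "https://idp.example.com/tenant-1234/as",
    "authorization_endpoint": "https://idp.example.com/tenant-1234/as/authorize",
    "token_endpoint": "https://idp.example.com/tenant-1234/as/token",
    "jwks_uri": "https://idp.example.com/tenant-1234/as/jwks",
})


def issuer_from_discovery_url(url: str) -> str:
    """Return the part of the URL that precedes /.well-known/openid-configuration."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("issuer URL must be an absolute https URL")
    if parts.query or parts.fragment:
        raise ValueError("issuer URL must not carry a query or fragment")
    path = parts.path
    if path.endswith(WELL_KNOWN):
        path = path[: -len(WELL_KNOWN)]
    # A trailing slash is dropped so both spellings of the issuer compare equal.
    return f"https://{parts.netloc}{path.rstrip('/')}"


def check_issuer(configured: str, discovery_doc: str) -> list[str]:
    """Compare the configured issuer with a discovery document; return the problems found."""
    problems = []
    issuer = issuer_from_discovery_url(configured)
    doc = json.loads(discovery_doc)
    declared = str(doc.get("issuer", ""))
    if declared.rstrip("/") != issuer:
        problems.append(f"issuer mismatch: document says {declared!r}, configured {issuer!r}")
    # The endpoints that carry credentials and signing keys must be served over https.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            problems.append(f"{key} is missing or not https")
    return problems


if __name__ == "__main__":
    print(issuer_from_discovery_url(SAMPLE_DISCOVERY_URL))
    print(check_issuer(SAMPLE_DISCOVERY_URL, SAMPLE_DISCOVERY_DOC) or "ok")
```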

...

The client secret that has been created in Ping Identity / PingOne for your application.

Identity Provider Is Set to "VMware Workspace ONE Access"

Workspace ONE Access issuer URL

...

The client secret that has been created in Workspace ONE Access for your client.

Automatic Desktop Login

As an alternative to the interactive desktop login, predefined user credentials can automatically be provided to the IdP on startup. The credentials are stored securely on the endpoint device.

...