Enable SSO on Authentication API
By configuring SSO (Single Sign-On), you can integrate your existing corporate IdP (Identity Provider) with the NocodilySuite IAM API.
Employees can then log into WebUIs on NocodilySuite using their existing corporate accounts.
Note
SSO integration is available on the Enterprise plan.
Supported Protocols
| Protocol | Examples |
|---|---|
| SAML 2.0 | Microsoft Entra ID (formerly Azure AD), Okta, Google Workspace |
| OIDC (OpenID Connect) | Google, GitHub, Auth0 |
SAML 2.0 Setup
- Select a team in the console and open the target IAM API.
- Go to "Settings" > "SSO Settings".
- Select "SAML 2.0".
- Register the following information in your IdP (e.g., Microsoft Entra ID):
| Field | Description |
|---|---|
| Entity ID | The SP (Service Provider) entity ID shown in the console |
| ACS URL | The Assertion Consumer Service URL shown in the console |
- Enter the IdP's metadata XML or metadata URL into the console.
- Configure attribute mappings:
| IdP Attribute | Maps To |
|---|---|
| Email address | email |
| Display name | name |
- Click "Save".
OIDC Setup
- Select a team in the console and open the target IAM API.
- Go to "Settings" > "SSO Settings".
- Select "OIDC".
- Obtain the following information from your IdP (e.g., Google) and enter it:
| Field | Description |
|---|---|
| Client ID | The client ID issued by the IdP |
| Client Secret | The client secret issued by the IdP |
| Issuer URL | The IdP's OpenID Configuration URL |
- Register the callback URL (shown in the console) with your IdP.
- Click "Save".
Behavior After SSO Setup
- A "Sign in with SSO" button appears on the WebUI login screen.
- When a user logs in via SSO, they are authenticated through the IdP before accessing the WebUI.
- A user account is automatically created in the IAM API upon the first SSO login.
Notes
- After enabling SSO, regular email/password login remains available.
- To disable password authentication, turn off password login from "Authentication Settings" in the console.
- SSO is configured per IAM API. If you manage multiple IAM APIs, each one must be configured separately.