Skip to content
English
Contact Us
  • There are no suggestions because the search field is empty.

Single Sign-On (SSO)

OvervieYou can enable users in your organization to securely and conveniently access Verify using your existing corporate Identity Provider (IdP).

Setting up SSO helps your organization:

  • Enhance security by centralizing authentication.
  • Streamline user access with credentials they already use.
  • Meet your internal security and compliance requirements.

This guide walks you through configuring SSO. The process is generally straightforward, but you'll need specific information from your organization's IdP. An Owner or Admin of your Verify organization typically manages this setup.

Key considerations before you begin

  • Understand user management: This SSO setup focuses on how your users sign in. Creating user accounts in Verify (provisioning) and managing their access if they leave your organization (de-provisioning) are typically handled through your Identity Provider (IdP) or directly within Verify.
  • Consult your IdP’s documentation: This guide gives you general steps. However, your IdP’s interface and terms for finding metadata, Login URLs, Entity IDs, and X.509 certificates might differ. Always check your IdP's official documentation for precise SAML configuration instructions.
  • Confirm administrative access: As highlighted in the prerequisites, you'll need Owner or Admin access to your Verify organization and administrator access to your IdP to set up SSO.

 

Setup

Before you start, ensure you have:

  • Owner or Admin access to your Verify organization.
  • Administrator access to your organization's Identity Provider (IdP) (e.g., Google Workspace, Microsoft Azure AD, Okta, PingOne, or another SAML 2.0 compliant IdP).
  • Familiarity with your IdP's SSO configuration process.
  • The necessary metadata or configuration details from your IdP. Section 5.2 outlines what you'll need from your IdP, and section 5.1 covers what Verify provides to your IdP.
  • Ensured the user account for testing the SSO connection (see section 5.2.5) has the right permissions and is assigned to the Verify application within your IdP.

 

Supported Identity Providers (IdPs): Flexible integration

Verify supports SSO integration with these pre-configured IdPs:

  • Google Workspace
  • Microsoft Azure AD
  • Okta
  • PingOne

Verify also integrates with any Custom SAML 2.0 compliant Identity Provider.

 

Configuration steps

You'll configure SSO by registering Verify with your Identity Provider (IdP) and then configuring Verify with the details from your IdP. Accuracy is crucial: ensure you copy all URLs, IDs, and secrets exactly between systems.

 

Information Verify provides (Service Provider details)

When you start the OAuth SSO setup in Verify, it will provide you with key information that you’ll need to register Verify as a client application with your IdP. The most important piece of information is:

  • Redirect URI (or Callback URL): This is the specific URL in Verify where your IdP will send users back after they successfully authenticate. You must register this exact URI in your IdP's application configuration. (Example: https://[your_verify_domain]/auth/callback/google-spaces)

 

Information you need from your Identity Provider

After you register Verify as an application in your IdP, your IdP will provide you with the following details. You'll need to enter these into the Verify SSO configuration screen:

  • Client ID: A unique identifier for Verify, issued by your IdP when you registered Verify as an application.
  • Client Secret: A secret key known only to Verify and your IdP. Treat this like a password and keep it confidential.
  • Authorization URL (or Authorization Endpoint): The IdP URL where Verify will redirect users to sign in.
  • Token URL (or Token Endpoint): The IdP URL where Verify will exchange an authorization code for an access token and ID token.
  • UserInfo URL (or UserInfo Endpoint - for OIDC): The IdP URL where Verify can retrieve user profile information, if not all included in the ID token.
  • Issuer URL (Optional but common for OIDC discovery): A URL that helps Verify discover your IdP's configuration details.
  • Scopes: The list of permissions Verify should request (e.g., openid email profile). Ensure these match what Verify requires and what your IdP allows.

Note: Always consult your specific IdP's documentation for instructions on how to create an OAuth/OIDC client registration and obtain these values.

 

Test your OAuth SSO configuration in Verify

Follow these general steps to input your IdP details into Verify and test the connection. The exact interface in Verify may vary.

1. Navigate to SSO authentication settings in Verify:

  1. Access the section in Verify where SSO configurations are managed (e.g., Settings > Authentication).
  2. Look for an option to add or configure OAuth/OIDC-based SSO. [Placeholder for Screenshot: Verify OAuth SSO Setup Screen]

2. Enter your IdP's OAuth/OIDC details:

  1. Carefully input the Client ID, Client Secret, Authorization URL, Token URL, UserInfo URL (if applicable), and Issuer URL (if applicable) that you obtained from your IdP in step 5.2.
  2. Specify the scopes required by Verify (e.g., openid email profile).
  3. Ensure Verify’s Redirect URI (from step 5.1) is correctly displayed or entered, and that it precisely matches what you configured in your IdP. [PlaceholderOfor Screenshot: Verify OAuth Details Input Form]

3. Save and test your SSO connection:

  1. Once you've entered all required information, save the configuration.
  2. Initiate the Test SSO setup flow. Verify will likely redirect you to your IdP's login page.
  3. Sign in using credentials for a user who is authorized to use Verify via your IdP.
  4. Upon successful authentication with your IdP, you should be redirected back to Verify, and it should confirm a successful SSO setup.
  5. If the SSO test fails: You'll typically be redirected to Verify or an error page.
    • As the administrator, you should still be able to log in to Verify using your original Verify credentials to adjust the settings.
    • Note any error messages from Verify or your IdP.
    • Double-check all entered values (Client ID, URLs, Redirect URI matching), the Client Secret, configured scopes, and ensure the test user is correctly permissioned in the IdP.

 

Manage your OAuth SSO configuration

Once OAuth SSO is active, you can usually manage it from the same SSO settings area in Verify where you configured it.

 

Edit your OAuth SSO configuration

  1. Navigate to the Settings > SSO page in Verify.
  2. Find the option to Edit your existing OAuth SSO configuration.
  3. The configuration modal or page will appear, pre-filled with your current details.
  4. Make any necessary changes to the Client ID, Client Secret, URLs, or scopes.
    • Important: If you change the Redirect URI in Verify (if possible), you must update it in your IdP as well. If your IdP issues a new Client Secret, ensure you update it in Verify.
  5. After making changes, you'll likely need to save and re-test the SSO connection to confirm everything works correctly.

 

Disabling your OAuth SSO configuration

  1. Navigate to the SSO settings page in Verify.
  2. Locate and click the option to Disable SSO or specifically disable your OAuth configuration.
  3. A confirmation message will likely appear. Confirm your choice.
  4. Once disabled, users in your organization will no longer log in using this OAuth SSO method.

Important: If you disable SSO, your users will need an alternative way to log in, such as using a Verify-specific username and password. If they were relying solely on SSO, ensure they know how to set up or reset their Verify-specific password (e.g., via a "Forgot password?" link).