Intigriti supports Single Sign-On (SSO) through OpenID Connect (OIDC) for any identity provider of your choice. It will allow company members to easily and securely access Intigriti with their identity provider credentials.
💡Please note that Intigriti does not sync user information between your identity provider and the platform.
Activating Single Sign-On
What do I need?
An Identity Provider (IdP) adhering to the OpenID Connect (OIDC) protocol.
OpenID Connect is an identity layer on top of the OAuth 2.0 framework.
Your Identity Provider's discovery documentation.
A company administrator to configure the SSO settings.
Step-by-step
Go to Intigriti > Admin > More > Single Sign-On.
Add the following Identity Provider information with the help of the discovery documentation:
Identity provider name
Identity provider URL
Client ID
Client secret
Click Save. You can edit the information as long as the SSO integration is inactive.
Ensure that all the necessary configurations on the identity provider side are properly completed.
💡To avoid potential lock-out of a company admin account, we recommend test driving the SSO integration by having a company member or another company admin try it out before converting all accounts. This will help ensure a smooth transition without any unintended consequences.
Click Activate.
Once SSO is activated, you can enforce SSO as the authentication method by:
Converting the authentication method of existing members to SSO on the Company members page.
Adding new members with authentication method SSO.
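Before clicking Activate, the Identity provider URL entered in step 2 can be checked against the IdP's discovery document. The script below is an added example, not Intigriti's own code: the function names and the sample document are constructed, and it assumes the IdP publishes its metadata at the standard OIDC discovery path and that the token endpoint is needed because a client secret is configured.

```python
from urllib.parse import urlsplit

# Metadata an OIDC provider must publish (OpenID Connect Discovery 1.0).
# Assumption: token_endpoint is treated as required, since it is only
# optional for providers that support the implicit flow alone.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
             "userinfo_endpoint")

def discovery_url(idp_url: str) -> str:
    """Standard location of the discovery document for an issuer URL."""
    return idp_url.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(idp_url: str, doc: dict) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    issuer = doc.get("issuer", "")
    # The issuer is compared as an exact string, so a trailing slash matters.
    if issuer and issuer != idp_url:
        same = issuer.rstrip("/") == idp_url.rstrip("/")
        hint = " (differs only by trailing slash)" if same else ""
        problems.append(f"issuer {issuer!r} != configured URL {idp_url!r}{hint}")
    for key in ENDPOINTS:
        value = doc.get(key)
        if value is None:
            continue
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key} is not an https URL: {value}")
    return problems

# Constructed sample document (hypothetical provider, not real metadata).
SAMPLE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/oauth/token",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    for url in ("https://idp.example.com", "https://idp.example.com/"):
        print(discovery_url(url), check_discovery(url, SAMPLE) or "OK")
```

To run it against your own provider, save the JSON returned by the discovery URL and pass it to `check_discovery` in place of `SAMPLE`.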
Configuring your identity provider
Please find below a list of the most relevant articles along with additional tips to facilitate integration between our platform and your identity provider.
Okta
Create an application using the Okta guide.
Sign-in method: OIDC - OpenID Connect
Application type: Web application
Grant type: Client Credentials
Sign-in redirect URIs: < redirect URL >
Sign-out redirect URIs: < empty >
Base URIs: < empty >
Controlled access: < according to your company's policy >
Open the earlier created application via Console > Applications > Applications.
Go to General > Client Credentials.
Retrieve the following information:
Auth0
Create an application using the Auth0 guide.
Application name: 'Intigriti'
Application type: ✅ 'Regular Web Applications'
Open the newly created application.
Go to Settings.
Retrieve the following information from the Basic information section:
Identity provider URL = Domain
Client ID
Client Secret
Add the Redirect URL provided on the Intigriti SSO Settings page to the Allowed Callback URLs in the Application URIs section:
Azure Active Directory
Click Create your own application.
Add the application name: Intigriti SSO.
Indicate the application purpose:
✅ Integrate any other application you don't find in the gallery (Non-gallery).
Click Create.
Go to the Default Directory > Manage: App registrations > All applications.
Select the earlier created application 'Intigriti SSO' and retrieve the following information:
Redirect URL
Add the Redirect URL provided on the 'Intigriti SSO' Settings page.
Deactivating Single Sign-On
Please be aware that upon deactivation of SSO:
The authentication method of all company members is set back to password.
All active converted company members will receive an email request to set up a new password and use it to log in from now on.
Company members are no longer redirected to your identity provider and can only access Intigriti with their local account credentials.
Step-by-step
Go to Intigriti > Admin > More > Single Sign-On.
Click Deactivate.
Note that your SSO configuration will remain available, allowing you to easily enable it again in the future if desired.