Aller au contenu principal

Enterprise SSO Configuration

Configure Single Sign-On (SSO) to enable your users to log in with their corporate identity credentials.

Overview

Supported SSO protocols and providers:

ProviderProtocolStatus
Microsoft Entra IDOIDC/SAMLCertified
OktaOIDC/SAMLSupported
Google WorkspaceOIDCComing Q3 2026
Generic OIDCOIDCSupported
Generic SAML 2.0SAMLSupported

Benefits of SSO

  • Simplified login — One set of credentials
  • Centralized control — Manage access in your identity provider
  • MFA enforcement — Use your organization's MFA policies
  • Automatic provisioning — Users created on first login
  • Audit trail — Track all authentications
  • GDPR compliant — No password storage in Noxys

Prerequisites

  • Admin role on your Noxys tenant
  • Administrator access to your identity provider
  • Redirect URI: https://noxys.cloud/auth/callback

Microsoft Entra ID (OIDC)

Step 1: Register an Application in Entra ID

  1. Go to Azure Portal > Entra ID > App registrations > New registration
  2. Set the name to Noxys
  3. Set redirect URI to https://noxys.cloud/auth/callback (Web)
  4. Click Register

Step 2: Configure Credentials

  1. Go to Certificates & secrets > New client secret
  2. Copy the Client ID and Client Secret
  3. Note your Tenant ID from the overview page

Step 3: Configure Noxys

  1. Go to Settings > Authentication > SSO
  2. Select OIDC
  3. Enter:
    • Issuer URL: https://login.microsoftonline.com/{tenant-id}/v2.0
    • Client ID: from Step 2
    • Client Secret: from Step 2
  4. Click Save & Test

Okta (OIDC)

Step 1: Create an Application in Okta

  1. Go to Applications > Create App Integration
  2. Select OIDC - OpenID Connect and Web Application
  3. Set redirect URI to https://noxys.cloud/auth/callback
  4. Assign users or groups

Step 2: Configure Noxys

  1. Go to Settings > Authentication > SSO
  2. Select OIDC
  3. Enter:
    • Issuer URL: https://{your-domain}.okta.com
    • Client ID: from Okta
    • Client Secret: from Okta
  4. Click Save & Test

Google Workspace (OIDC)

Step 1: Create OAuth Credentials

  1. Go to Google Cloud Console > APIs & Services > Credentials
  2. Create an OAuth 2.0 Client ID (Web application)
  3. Add https://noxys.cloud/auth/callback as an authorized redirect URI

Step 2: Configure Noxys

  1. Go to Settings > Authentication > SSO
  2. Select OIDC
  3. Enter:
    • Issuer URL: https://accounts.google.com
    • Client ID: from Google
    • Client Secret: from Google
  4. Click Save & Test

SAML 2.0 Configuration

For SAML-based SSO, provide the following to your identity provider:

ParameterValue
ACS URLhttps://noxys.cloud/auth/saml/callback
Entity IDhttps://noxys.cloud
NameID FormatemailAddress

Then in Noxys:

  1. Go to Settings > Authentication > SSO
  2. Select SAML 2.0
  3. Upload the IdP Metadata XML or enter:
    • SSO URL: your IdP's sign-on URL
    • Certificate: your IdP's signing certificate
  4. Click Save & Test

Troubleshooting

IssueSolution
Redirect URI mismatchEnsure the callback URL matches exactly, including trailing slashes
Token validation failedCheck that the Issuer URL is correct and accessible
Users not provisionedVerify that users are assigned to the application in your IdP
SAML assertion invalidConfirm NameID format is set to emailAddress

Next Steps