Single sign-on (SSO)

Required license: Professional or Enterprise

Tonic Structural supports integrations with several external single sign-on (SSO) providers to allow users to use SSO to create accounts and log in to Structural.

To only allow SSO authentication, set the environment setting REQUIRE_SSO_AUTH to true. This disables standard email/password authentication. All account creation and login is handled through your SSO provider. If multi-factor authentication (MFA) is set up with your SSO, then all authentication must go through your provider's MFA.

How SSO works in Structural

User authentication

How SSO users create Structural accounts and log in to Structural.

Limit groups for Structural

Identify SSO groups that are displayed in Structural.

View the list of groups

View the list of SSO groups for which users have logged in to Structural.

Required configuration for each SSO provider

To use SSO in Structural, you must have a valid license for the SSO functionality. You must also configure Structural environment variables. The required variables differ by provider.

AWS IAM Identity Center

Integrate with AWS IAM Identity Center to manage Structural users.

Duo

Integrate with Duo to manage Structural users.

GitHub

Integrate with GitHub to manage Structural users.

Google Account SSO

Integration with Google Account SSO to manage Structural users.

Keycloak

Integrate with Keycloak to manage Structural users.

Microsoft Entra ID

Integrate with Microsoft Entra ID (previously Azure Active Directory) to manage Structural users.

Okta

Integrate with Okta to manage Structural users.

OpenID Connect (OIDC)

Integrate with OpenID Connect to manage Structural users.

SAML

Integrate with a SAML-based provider to manage Structural users.

Last updated 27 days ago