Single sign-on (SSO)

Tonic supports a variety of integrations for authenticating users.

Single sign-on requires a Professional or Enterprise license.
Tonic supports integrations with several external single sign-on (SSO) providers to allow users to use SSO to create accounts and log in to Tonic.
To only allow SSO authentication, set the environment variable REQUIRE_SSO_AUTH to true. This disables standard email/password authentication. All account creation and login is handled through your SSO provider. If MFA is set up with your SSO, then all authentication must go through your provider's MFA.
How SSO works in Tonic
User authentication
How SSO users create Tonic accounts and log in to Tonic.
​
Share workspaces with SSO groups
Identify SSO groups that can be granted non-user access to workspaces.
​
Required configuration for each SSO provider
To use SSO in Tonic, you must have a valid license for the SSO functionality. You must also configure Tonic environment variables. The required variables differ by provider.
In addition to these providers, Tonic also integrates with Duo Security SSO and PingID.
AWS SSO
Integrate with AWS SSO to manage Tonic users.
​
Azure Active Directory
Integrate with Azure Active Directory to manage Tonic users.
​
Google Account SSO
Integration with Google Account SSO to manage Tonic users.
​
Keycloak
Integrate with Keycloak to manage Tonic users.
​
Okta
Integrate with Okta to manage Tonic users.
​
SAML
Integrate with a SAML-based provider to manage Tonic users.
​

Installing and Administering Tonic - Previous

Managing user access to Tonic

User authentication and groups

Last modified 28d ago