Single sign-on (SSO)

Tonic Structural supports integrations with several external single sign-on (SSO) providers to allow users to use SSO to create accounts and log in to Structural.

You first complete the configuration in your SSO provider, then configure the connection in Structural

• For self-hosted instances, the SSO configuration takes the form of environment settings.

• On Structural Cloud, the SSO configuration is on the Access Management tab of Structural Settings view.

To only allow SSO authentication:

• On self-hosted instances, set the REQUIRE_SSO_AUTH to true.

• On Structural Cloud, under Login methods, check the Require SSO for login checkbox.

When you require SSO authentication, Structural disables standard email/password authentication. All account creation and login is handled through your SSO provider. If multi-factor authentication (MFA) is set up with your SSO, then all authentication must go through your provider's MFA.

How SSO works in Structural

Required configuration for each SSO provider

To use SSO in Structural, you must have a valid license for the SSO functionality. You must also configure Structural environment variables. The required variables differ by provider.