Single sign-on (SSO)

Required license: Professional or Enterprise
Tonic supports integrations with several external single sign-on (SSO) providers to allow users to use SSO to create accounts and log in to Tonic.
To only allow SSO authentication, set the environment variable REQUIRE_SSO_AUTH to true. This disables standard email/password authentication. All account creation and login is handled through your SSO provider. If multi-factor authentication (MFA) is set up with your SSO, then all authentication must go through your provider's MFA.
How SSO works in Tonic
User authentication
How SSO users create Tonic accounts and log in to Tonic.
​
Limit groups for Tonic
Identify SSO groups that are displayed in Tonic.
​
View the list of groups
View the list of SSO groups for which users have logged in to Tonic
​
Required configuration for each SSO provider
To use SSO in Tonic, you must have a valid license for the SSO functionality. You must also configure Tonic environment variables. The required variables differ by provider.
In addition to these providers, Tonic also integrates with Duo Security SSO and PingID.
AWS SSO
Integrate with AWS SSO to manage Tonic users.
​
Azure Active Directory
Integrate with Azure Active Directory to manage Tonic users.
​
GitHub
Integrate with GitHub to manage Tonic users.
​
Google Account SSO
Integration with Google Account SSO to manage Tonic users.
​
Keycloak
Integrate with Keycloak to manage Tonic users.
​
Okta
Integrate with Okta to manage Tonic users.
​
OpenID Connect (OIDC)
Integrate with OpenID Connect to manage Tonic users.
​
SAML
Integrate with a SAML-based provider to manage Tonic users.
​

Last modified 1mo ago