Enabling SSO on a self-hosted instance

On Ephemeral Cloud, users who have a corporate Google email address can use the built-in Google single sign-on (SSO) configuration to sign up for and log into Ephemeral.

You can also enable SSO on a self-hosted instance. Tonic Ephemeral respects the access control policy of your single sign-on (SSO) provider. To access Ephemeral, users must be granted access to the Ephemeral application within your SSO provider.

To enable SSO on your self-hosted instance, you first complete the required configuration in the SSO provider. You then configure Ephemeral to connect to it.

After you enable SSO, users can use SSO to create an account in Ephemeral.

To only allow SSO authentication, in your Helm chart, set sso.isRequired to true.

For self-hosted instances, Ephemeral supports the following SSO providers: