Overview ENTERPRISE
Styra supports OpenID Connect for Single Sign On (SSO). Configure SSO using the following settings:
- Under WORKSPACE on the left-hand navigation panel, click
<das-id>.styra.com
. - Click Access Control tab.
- Click Single Sign-On Providers.
- Click OpenID Connect tab.
When you click the Add OpenIDConnect Provider
to create a new SSO provider, you must provide the following details:
- Provider name: The name for your identity provider setting, for example: "Corporate Okta". This name will be visible for the users on the login page.
- Issuer URL: Your identity provider.
- Client ID: Your identity provider.
- Client Secret: Your identity provider.
- Allowed Domains: The allowed authentication domain(s) of your users. For example,
tenant.com
. If the identity provider supports multiple domains, only users with these domains are allowed to access the service. - Scopes: The scopes that will be requested from the identity provider. By default, Styra will request the
openid
,email
, and theprofile
scopes.
tip
The email scope is REQUIRED if your identity provider does not return an email in any of the returned claims.
Invited users only:
If enabled, the authenticated user must have a pre-existing account in the service.
If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains, and the identity provider has assigned this user to the Styra application.
Enabled: Set it to
TRUE
.