Configure SSO
Add an authentication method
Select the Admin and authentication tab (if needed) and scroll to Authentication methods. Click + Authentication method.
Create SSO connection
Enter a display name, select the connection type (Microsoft Entra ID, Google Workspace, or Custom SAML for other providers), and click Create.
Complete the provider configuration
Follow the configuration prompts in Iru Endpoint and in your identity provider (e.g., redirect URL, client ID, client secret). Finish the setup in Iru Endpoint as prompted.
Allow for tenant authentication
When the connection is configured, click the ellipsis next to the connection name and select Allow for tenant authentication so team members can sign in with SSO.
Supported SSO connection types
Iru Endpoint supports the following SSO connection types:- Microsoft Entra ID (Native) and Microsoft Entra ID (SAML)
- Google Workspace (Native) and Google Workspace (SAML)
- Okta (SAML), JumpCloud (SAML), OneLogin (SAML), and Custom SAML
Considerations
- Passkey, Google Social, and Microsoft Social remain available by default. You can disable them after SSO is configured and tested (ellipsis → Disable for tenant authentication).
- An SSO connection can be used for Require Authentication during enrollment without being allowed for tenant authentication.
- Team members must be invited in Access before they can sign in with SSO. Test in a private browser window before disabling other authentication methods to avoid lockout.
Next Steps
After configuring SSO:Set up user directory integration
See User Directory Integration to sync users.
Set up platform integrations (one or more)
Set up the platforms you plan to manage. You can enable one, two, or all three:
- Apple Setup: Configure APNs, Apple Business Manager, and Apps and Books
- Windows Setup: Enable the Windows platform and configure settings
- Android Setup: Enable Android and configure Android Enterprise