Skip to main content

About Single Sign-On

Single Sign-On (SSO) in Iru Endpoint allows team members to log into the Iru Endpoint Web App using their existing identity provider credentials, eliminating the need for separate passwords and providing centralized authentication management.

How It Works

Team Members have two options for logging into the Iru Endpoint Web App: Standard Authentication and Single Sign-On (SSO). By default, Standard Authentication is activated for all tenants, offering login through Google, Microsoft, and email/password. Admins have the option to enable SSO using either native integrations or Custom SAML. Once an SSO setup is complete, Standard Authentication can be turned off, allowing SSO to be the only login method. SSO can also be used for Require Authentication in the Automated Device Enrollment Library Item. To learn more about requiring authentication during enrollment, see this support article.

SSO Connection Types

Iru Endpoint currently supports the following Single Sign-on connection types. Click on one of the following connection types to learn how it can be configured.

Enabling and Managing Connections

You can enable the connection once you have configured an SSO connection in both Iru Endpoint and your identity provider (IdP).
1

Access Connection Menu

Click the ellipsis next to the connection name.
2

Enable Connection

Click Enable from the menu. Connections can also be re-configured, deleted, and disabled from this menu.

Considerations

  • An SSO connection does not need to be Active to be used for Require Authentication during Device Enrollment.
  • A connection should only be Active in Settings if you want to authenticate Iru Endpoint administrators to the web app with that connection.
  • Authentication to the Iru Endpoint Web App using SSO requires that the user has been invited as a Team Member.

Enforcing Single Sign-On

Once you have configured at least one Single Sign-on connection, you can disable the Iru Endpoint Standard Authentication connection. Disabling Iru Endpoint Standard Authentication will disable the ability for Iru Endpoint administrators in your tenant to authenticate via Google or Microsoft social logins, and email/password.
Before disabling Iru Endpoint Standard Authentication, ensure your SSO connection is functioning correctly. We suggest verifying this by using a private browser window.
1

Navigate to Settings

Navigate to the Settings page.
2

Access Authentication Settings

Click the Access tab and find the Authentication section.
3

Access Standard Authentication Menu

Click the ellipsis next to Standard Authentication.
4

Select Disable Option

Click the Disable option.
5

Confirm Disable Action

A confirmation modal will open.
6

Complete Disable Process

Click Disable.
If you lose access to your Iru Endpoint tenant via SSO and need to have Standard Authentication re-enabled, please contact Iru Endpoint support.

Disabling or Deleting SSO Connections

If you decide to stop using SSO, you can delete or disable a connection using the same ellipses used to enable it. When you delete or disable your last Single Sign-on connection, Iru Endpoint Standard Authentication will automatically be re-enabled to prevent tenant lockout.

Considerations

Testing: Always test your SSO connection thoroughly before disabling Standard Authentication to prevent tenant lockout. User Management: Ensure all necessary users have been invited as Team Members before relying solely on SSO authentication. Backup Access: Keep Standard Authentication enabled until you’re confident your SSO setup is working correctly for all users. Support: If you encounter issues with SSO, Standard Authentication can be re-enabled by contacting Iru Endpoint support.