Skip to main content

About Single Sign-On

Single Sign-On (SSO) in Iru Endpoint allows team members to log into the Iru Endpoint Web App using their existing identity provider credentials, providing centralized authentication management.

How It Works

Team Members have four options for logging into the Iru Endpoint Web App: Passkeys, Google Social, Microsoft Social and Single Sign-On (SSO). By default, Passkeys, Google Social, and Microsoft Social authentication are activated for all tenants, offering login through Passkeys, Google, Microsoft. Admins have the option to enable SSO using either native integrations or Custom SAML. Once an SSO setup is complete, the default connections can be turned off, allowing SSO to be the only login method. SSO can also be used for Require Authentication in the Automated Device Enrollment Library Item. To learn more about requiring authentication during enrollment, see this support article.

SSO Connection Types

Iru Endpoint currently supports the following Single Sign-on connection types. Click on one of the following connection types to learn how it can be configured.

Allowing Tenant Authentication and Managing Connections

Once you have configured an SSO connection in both Iru Endpoint and your identity provider (IdP), you can allow the SSO connection to be used for tenant authentication.
1

Access Connection Menu

Click the ellipsis next to the connection name.
2

Allow for Tenant Authentication

Click Allow for tenant authentication from the menu. Connections can also be re-configured, deleted, and disabled from this menu.

Considerations

  • An SSO connection does not need to be allowed for tenant authentication to be used for Require Authentication during Device Enrollment.
  • A connection should only set to Allow tenant authentication in Settings if you want to authenticate Iru Endpoint administrators to the web app with that connection.
  • Authentication to the Iru Endpoint Web App using SSO requires that the user has been invited as a Team Member.

Enforcing Single Sign-On

Once you have configured at least one Single Sign-on connection, and logged in with that connection, you can disable the Passkey, Google Social, and Microsoft Social connections. Disabling these connections will disable the ability for Iru Endpoint administrators in your tenant to authenticate via Google or Microsoft social logins, and Passkeys.
Before disabling Passkey, Google Social, and Microsoft Social, ensure your SSO connection is functioning correctly. We suggest verifying this by using a private browser window.
1

Navigate to the Account Menu Button

In Iru Endpoint, in the sidebar, click the Account Menu Button.
2

Access Authentication Settings

Click the Access option in the menu.
3

Connection Menu

Click the ellipsis next to Passkey.
4

Disable for Passkey Tenant Authentication

Click Disable for tenant authentication
5

Disable Social Tenant Authentication

Repeat the previous steps for the Google Social and Microsoft Social connections.
If you lose access to your Iru Endpoint tenant via SSO and need to have Passkey, Google Social, or Microsoft Social connections re-enabled, please contact Iru Endpoint support.

Disabling or Deleting SSO Connections

If you decide to stop using SSO, you can delete it or disable it for tenant authentication using the same ellipses used to enable it. When there is only one SSO connection enabled for tenant authentication, and Passkey, Google Social, and Microsoft Social are disabled, you will not be able to disable that SSO connection to prevent tenant lockout. You would first need to enable another connection, and authentication with that other connection before disabling the SSO connection.

Considerations

Testing: Always test your SSO connection thoroughly before disabling Passkey, Google Social, and Microsoft Social connections to prevent tenant lockout. User Management: Ensure all necessary users have been invited as Team Members before relying solely on SSO authentication. Backup Access: Keep at least one of the Passkey, Google Social, or Microsoft Social connections enabled until you’re confident your SSO setup is working correctly for all users. Support: If you encounter issues with an SSO connection, Passkey, Google Social, or Microsoft Social connections can be re-enabled by contacting Iru Endpoint support.