About Single Sign-On
Single Sign-On (SSO) in Iru Endpoint allows team members to log into the Iru Endpoint Web App using their existing identity provider credentials, providing centralized authentication management.How It Works
Team Members have four options for logging into the Iru Endpoint Web App: Passkeys, Google Social, Microsoft Social and Single Sign-On (SSO). By default, Passkeys, Google Social, and Microsoft Social authentication are activated for all tenants, offering login through Passkeys, Google Social, and Microsoft Social. Admins have the option to enable SSO using either native integrations or Custom SAML. Once an SSO setup is complete, the default connections can be turned off, allowing SSO to be the only login method. SSO can also be used for Require Authentication with Automated Device Enrollment.SSO Connection Types
Iru Endpoint currently supports the following Single Sign-On connection types. Click on one of the following connection types to learn how it can be configured.- Single Sign-On with Microsoft Entra ID (Native)
- Single Sign-On with Microsoft Entra ID (SAML)
- Single Sign-On with Google Workspace (Native)
- Single Sign-On with Google Workspace (SAML)
- Single Sign-On with Okta (SAML)
- Single Sign-On with JumpCloud (SAML)
- Single Sign-On with OneLogin (SAML)
- Custom SAML-based Single Sign-On
Allowing Tenant Authentication and Managing Connections
Once you have configured an SSO connection in both Iru Endpoint and your identity provider (IdP), you can allow the SSO connection to be used for tenant authentication.Considerations for Allowing Tenant Authentication
- An SSO connection does not need to be allowed for tenant authentication to be used for Require Authentication during Device Enrollment.
- A connection should only be set to Allow tenant authentication in Settings if you want to authenticate Iru Endpoint administrators to the web app with that connection.
- Authentication to the Iru Endpoint Web App using SSO requires that the user has been invited as a Team Member.
Allow for Tenant Authentication
Once you have configured the SAML connection in Iru Endpoint and your identity provider, you can allow its use for tenant authentication. For step-by-step instructions, please refer to the Allowing Tenant Authentication and Managing Connections section in our Single Sign-on support article.Limit Authentication to Domain
When configuring the SAML connection, you can optionally limit authentication to one or more domains. This can be useful when the SSO connection could authenticate to multiple domains. You can limit the authentication to your Iru tenant to a subset of the available domains.Enforcing Single Sign-On
Once you have configured at least one Single Sign-on connection, you can disable Passkey, Google Social, and Microsoft Social connections. Disabling these connections will disable the ability for Iru Endpoint administrators in your tenant to authenticate via those methods. Please refer to our Single Sign-on support article for step-by-step instructions.If you lose access to your Iru Endpoint tenant via SSO and need to have Passkey, Google Social, or Microsoft Social connections re-enabled, please contact Iru Endpoint support.