Multi Single Sign-On (Multi SSO) allows your organization to configure multiple Single Sign-On (SSO) providers in SEMINE. Users can sign in using different identity providers, such as Microsoft Entra ID (Azure AD), Okta, or other supported authentication services.
For example, you may have separate login options for internal employees, external consultants, or different business units. All configured SSO providers can be available at the same time.
Existing SSO configurations continue to work as before and do not require any additional setup.
Authentication settings
- Go to Administration.
- Select the organization and click Edit organization.
- Select the Authentication tab.
The Authentication tab lets you manage local account settings, enable Multi-Factor Authentication (MFA), and configure one or more Single Sign-On (SSO) providers.
Manage local account authentication
In the Authentication tab:
- Under Basic authentication, select Local accounts.
- Enable or disable the Multi-Factor Authentication (MFA) checkbox based on your needs.
- Click Save or Save and Close.
Add a new SSO provider
In the Authentication tab:
- Under Single Sign-On, click Add SSO setup.
- Enter the required information from your identity provider.
- Click Save or Save and Close.
SSO settings
| Setting | Description |
|---|---|
| Enabled | Activate Single Sign-On for the organization. When selected, SSO is enabled for the organization; when cleared, SSO is disabled and users sign in with their SEMINE username and password. |
| Scheme* | A unique identifier for the SSO configuration. Example: 3f44b0bf-e571-4214-ae70-70d6b4bebda5 |
| Display Name* | Enter the display name for the login button. This is a free-text field. Example: Company SSO |
| Authority* | Provided by the customer’s IT department or partner. Typically, the login URL from the identity provider. |
| Client ID* | Provided by the customer’s IT department or partner. |
| Client Secret | Provided by the customer’s IT department or partner. |
| Sign-in Scheme* | Authentication scheme used for signing in. Default value: idsrv.external. |
| Sign-out Scheme* | Authentication scheme used for signing out. Default value: idsrv. |
| Callback Path | Unique redirect path used by your identity provider. This value is generated automatically by SEMINE. Example: /signin-3f44b0bf-e571-4214-ae70-70d6b4bebda5 |
| Validate Issuer | Ensures tokens come from the correct issuer. |
| Get Claims from UserInfo Endpoint | Retrieves additional user details like roles or email from the identity provider. Enabled by default. |
| Clear Default Scopes | Optional. Clears preconfigured scopes if you want to define custom ones. |
| Disable Login with SEMINE Username and Password | Optional. Prevents users from signing in with a SEMINE username and password and requires them to use SSO authentication. |
| Scopes | Additional scopes to request from the identity provider. Example: openid profile email |
| Domain Names* | Customer’s allowed domain(s) for login. Example: domainName1.com, domainName2.com |
To configure multiple SSO providers, repeat the Add SSO setup process for each provider. Each provider appears as a separate entry in the Authentication tab and can be enabled or disabled independently.
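When several providers are configured, it helps to review the drafted values before entering them. The following is an added example, not SEMINE code or a SEMINE API: it checks draft entries, keyed by the setting names in the table above, for the conflicts the table implies. Assumptions: the dict layout, the `review_sso_setups` helper, the `idp_redirect_uris` key (redirect URIs registered at the identity provider), the `/signin-<Scheme>` callback pattern taken from the table's example, and that the provider speaks OpenID Connect.

```python
from urllib.parse import urlparse

# Fields marked * in the settings table.
REQUIRED = ("Scheme", "Display Name", "Authority", "Client ID",
            "Sign-in Scheme", "Sign-out Scheme", "Domain Names")

def review_sso_setups(setups):
    """Return (scheme, finding) tuples for a list of draft SSO setup dicts."""
    findings, seen = [], set()
    for s in setups:
        scheme = s.get("Scheme") or "<missing>"
        findings += [(scheme, f"required field empty: {f}") for f in REQUIRED if not s.get(f)]
        if scheme in seen:
            findings.append((scheme, "Scheme is not unique"))
        seen.add(scheme)
        if urlparse(s.get("Authority", "")).scheme != "https":
            findings.append((scheme, "Authority is not an https URL"))
        # Assumption: the callback path follows the /signin-<Scheme> pattern of the
        # page's example and must be registered as a redirect URI at the IdP.
        paths = [urlparse(u).path for u in s.get("idp_redirect_uris", [])]
        if f"/signin-{scheme}" not in paths:
            findings.append((scheme, "callback path not registered at the IdP"))
        if not s.get("Validate Issuer"):
            findings.append((scheme, "Validate Issuer is off"))
        # Assumption: the provider speaks OpenID Connect, which requires 'openid'.
        if s.get("Clear Default Scopes") and "openid" not in s.get("Scopes", "").split():
            findings.append((scheme, "default scopes cleared but 'openid' not requested"))
        # Enabled cleared means password sign-in; this option blocks password sign-in.
        if s.get("Disable Login with SEMINE Username and Password") and not s.get("Enabled"):
            findings.append((scheme, "password login disabled but provider not enabled"))
    return findings

# Constructed sample drafts (hosts, client ID and the second Scheme are made up).
GOOD = {"Enabled": True, "Scheme": "3f44b0bf-e571-4214-ae70-70d6b4bebda5",
        "Display Name": "Company SSO", "Authority": "https://idp.example.com/tenant",
        "Client ID": "constructed-client-id", "Sign-in Scheme": "idsrv.external",
        "Sign-out Scheme": "idsrv", "Domain Names": "domainName1.com",
        "Validate Issuer": True, "Scopes": "openid profile email",
        "idp_redirect_uris": ["https://semine.example.com/signin-3f44b0bf-e571-4214-ae70-70d6b4bebda5"]}
BAD = dict(GOOD, **{"Enabled": False, "Scheme": "00000000-0000-0000-0000-000000000002",
           "Authority": "http://idp.example.org", "Validate Issuer": False,
           "Clear Default Scopes": True, "Scopes": "profile email",
           "Disable Login with SEMINE Username and Password": True})

if __name__ == "__main__":
    for scheme, finding in review_sso_setups([GOOD, BAD]):
        print(f"{scheme}: {finding}")
```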
Login experience for users
| Configuration | User Experience |
|---|---|
| No SSO configured | Users sign in with a SEMINE username and password. |
| One active SSO provider | Users are automatically redirected to the configured identity provider. |
| Multiple active SSO providers | Users can choose which SSO provider they want to use when signing in. |
Continue to provider setup
After completing the SSO configuration in SEMINE, continue with the setup guide for your identity provider: