← Back to Developer Portal

SSO Configuration

Enterprise Single Sign-On with SAML 2.0 and OIDC

Identity Provider Type

IdP Metadata URL (auto-fetch entity ID, SSO URL, and certificate)

Or configure manually:

IdP Entity ID

IdP SSO URL

IdP SLO URL (optional)

IdP Certificate (X.509, PEM format)

TAB SP Metadata (give this to your IdP admin):

/api/sso/saml/metadata

Discovery URL

Client ID

Client Secret

Scopes

Allowed Email Domains (comma-separated)

Only users with these email domains can authenticate via SSO. Leave empty to allow all.

Auto-provision users

Automatically create TAB accounts on first SSO login

Default Role for New SSO Users

Session Timeout (hours)

Force SSO

Require SSO for all users (disables password login)

Map IdP group names to TAB roles. When a user authenticates, their IdP groups will be checked against this mapping.

→

Enable SSO

Activate SSO for your organization