SSO in Virtana Platform
Virtana Platform supports Single Sign-On (SSO) using the SAML 2.0 and OpenID Connect (OIDC) authentication standards. Supported identity providers (IdPs) include Okta, Azure Active Directory, and Azure OIDC providers.
If SSO is enabled for an organization, Virtana Platform enforces SSO. When the user enters a username on the login page, Virtana determines if SSO is enabled. The user is authenticated against the Virtana Platform and then directed to an appropriate sign-in page. The username must be in the format firstName.lastName@companyName.suffix. If users were onboarded prior to SSO enablement, they are still required to use SSO.
Requirements
To enable and configure SSO in Virtana Platform:
You must have a Pro License.
You must have an administrator role with credentials-based authentication.
If you have configured a custom subdomain as part of white labeling rebranding of the Virtana Platform, you must log in using that custom subdomain before configuring SSO.
Domain binding and authentication flow
The domain used in the administrator's email address is the domain that the SSO account is bound to in Virtana Platform. All users with the same domain as the administrator will be redirected to the IdP when they log in.
Important
If an administrator who was onboarded using SSO disables or removes the organization’s SSO configuration, they will no longer be able to log in. In this case, they will have to contact Virtana Platform Support to establish a set of credentials.
User Invitations
The process for inviting new users to the Virtana Platform is the same whether using SSO or password authentication. Any existing user in the Virtana Platform can invite a new user.
The invited user receives an email from Virtana with a clickable link to access the Virtana Platform login screen. For more information, see Log in to Virtana Platform with SSO.
The login screen is different, based on the authentication method.