FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    How does SSO work with multiple client SSO servers?

    Scheduled Pinned Locked Moved Solved
    Q&A
    sso azure gsuite
    1
    2
    5.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      If you use FusionAuth to authenticate users of our web-application, but want to offer SSO to Enterprise customers that have their own user databases (such as Azure AD, GSuite), how can you do it?

      Social logins (Facebook, Twitter, Github, Google) are one thing, but how do things would work for specific client SSO servers?

      How does the login screen know what to show the user? You don't want an SSO button per client implementation.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        This is generally done by using the domain configuration. For example, all users with an email address domain of acme.com can be configured to use a particular SAML or OpenID Connect configuration.

        As soon as you configure one IdP with a domain, the login panel will collect the email address first to understand if we need to ask for a password or forward them along to a federated identity provider.

        Read more about managed domains here: https://fusionauth.io/docs/v1/tech/identity-providers/openid-connect/

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post