Last updated

Configure SSO

After you have added an identity provider (IdP) in Reunite, the IdP can then be configured in the redocly.yaml configuration file for individual projects. Adding an IdP to the configuration file for a project is not required for users to be able to use it to log in. If you do not configure sso in the redocly.yaml file for a project, users can log in to the project using IdPs you have added in Reunite in the default priority order. You can configure sso in the redocly.yaml file of a project, to specify identity providers for that project. See the Single sign-on (SSO) concept doc for more information on the default priority order.

attention

Configuring sso does not require users to log in to your project. To require login to a project, rbac or requiresLogin must also be configured.

Before you begin

Make sure you have the following before you begin:

Specify IdPs for a project

If you want to specify which identity providers (IdPs) users can log in to your project with, you can configure sso in the redocly.yaml configuration file.

For example, the following sso configuration limits users to the CORPORATE IdP, if it has been added in Reunite:

redocly.yaml
sso: 
  - CORPORATE

The following example allows users to use both the GUEST IdP (if it has been added in Reunite) and REDOCLY credentials:

redocly.yaml
sso:
  - GUEST
  - REDOCLY

Redocly credentials are credentials created and saved in Reunite.

Disable SSO

If you have configured rbac, but want to disable SSO, use the following sso configuration:

redocly.yaml
sso: []

Disabling SSO is only necessary if you have rbac configured, but you don't want to require login to your project. Disabling SSO removes the login page, but does not disable rbac.

Resources