SSO Settings (Single Sign-On)

Single Sign-On (SSO) allows your team to authenticate using your organization's identity provider instead of managing separate Rotadeck passwords.

What is SSO?

SSO provides:

  • Unified login: Users authenticate once for all applications
  • Enhanced security: Centralized access control
  • Simplified onboarding: Automatic user provisioning
  • Compliance: Meet enterprise security requirements

Supported Providers

Rotadeck supports SSO via SAML 2.0 with:

  • Okta
  • Azure AD / Microsoft Entra ID
  • Google Workspace
  • Any SAML 2.0-compliant provider

Setting Up SSO

Prerequisites

Before configuring SSO:

  1. Admin access to Rotadeck
  2. Admin access to your Identity Provider (IdP)
  3. Your organization's SSO metadata or configuration URLs

Step 1: Enable SSO in Rotadeck

  1. Navigate to Settings → SSO Tab
  2. Click Enable SSO
  3. Add the domains your organisation will use to log in with SSO
  4. Select the default role that will be assigned to new users
  5. Click Save
  6. Visit the self-service URL displayed to set up SSO bindings for your organisation

SSO Configuration Options

JIT Provisioning

When enabled:

  • New users are automatically created when they sign in via SSO
  • User attributes (name, email) are synced from your IdP
  • Users are assigned the selected default role

To enable:

  1. Go to SSO Settings
  2. Toggle Allow JIT Provisioning
  3. Select Save

Require SSO

Force all users to log in via SSO:

  1. Toggle Require SSO for all users
  2. Set a grace period (7, 14, or 30 days)
  3. Existing password-based users must link SSO accounts

Note: At least one admin should test SSO successfully before enabling this.

Just-in-Time (JIT) Provisioning

Automatically create user accounts on first SSO login:

  • Enabled: Users created automatically
  • Disabled: Only existing users can log in via SSO; new users must be created via the dashboard

SSO Domains

Specify email domains that should use SSO:

  1. Add domains (e.g., company.com)
  2. Users with these email domains are automatically redirected to SSO when logging in

Troubleshooting SSO

Users Can't Access After Enabling SSO

  1. Check that SSO Domains includes the user's email domain
  2. Ensure the user has linked an SSO account

Need Help?

For SSO setup assistance:

Disabling SSO

To turn off SSO:

  1. Go to SSO Settings
  2. Click Delete SSO Config
  3. Confirm
  4. All users must then log in with passwords (they may need to reset them)

⚠️ Warning: Ensure all users have valid passwords or can reset them before disabling SSO.

Best Practices

  • Test thoroughly: Verify SSO with multiple users before rolling out
  • Communicate changes: Notify your team before enabling SSO
  • Keep backup access: Maintain one admin with password access (if password access is enabled)
  • Document configuration: Keep IdP settings and Rotadeck config documented
  • Regular audits: Review SSO user access quarterly
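
The lockout checks described above (SSO Domains, linked SSO accounts, backup admin access, valid passwords before disabling SSO) can be run against a user roster before toggling Require SSO or deleting the SSO config. This is an added example, not Rotadeck code: the CSV columns, the sample roster and the exact-match domain rule are assumptions made for illustration.

```python
import csv
import io

# Constructed sample roster. Column names are hypothetical, not a Rotadeck export format.
SAMPLE_ROSTER = """email,role,sso_linked,has_password
alice@company.com,admin,yes,yes
bob@company.com,member,no,yes
carol@Company.com,member,yes,no
dave@partner.org,member,no,yes
erin@mail.company.com,admin,no,no
"""

def email_domain(email):
    """Return the lower-cased domain of an email address, or '' if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    return domain.lower() if sep and local and domain else ""

def preflight(roster_csv, sso_domains):
    """Sort users into the buckets the troubleshooting checks would find."""
    # Assumption: a domain must match exactly, so a subdomain needs its own entry.
    domains = {d.strip().lower() for d in sso_domains}
    report = {"ready": [], "domain_not_listed": [], "not_linked": [],
              "backup_admins": [], "needs_password_reset": []}
    for row in csv.DictReader(io.StringIO(roster_csv)):
        email = row["email"].strip()
        linked = row["sso_linked"].strip().lower() == "yes"
        has_password = row["has_password"].strip().lower() == "yes"
        if email_domain(email) not in domains:
            report["domain_not_listed"].append(email)   # never redirected to SSO
        elif not linked:
            report["not_linked"].append(email)          # must link before the grace period ends
        else:
            report["ready"].append(email)
        if has_password and row["role"].strip().lower() == "admin":
            report["backup_admins"].append(email)       # password fallback for an admin
        if not has_password:
            report["needs_password_reset"].append(email)  # affected if SSO is disabled
    return report

def lockout_risks(report):
    """Users who would lose access once SSO is required for all users."""
    return sorted(report["domain_not_listed"] + report["not_linked"])

if __name__ == "__main__":
    result = preflight(SAMPLE_ROSTER, ["company.com"])
    for bucket, users in result.items():
        print(f"{bucket}: {', '.join(users) or '-'}")
    print("lockout risks:", ", ".join(lockout_risks(result)) or "none")
```

An empty backup_admins list means no admin would keep password access, and every address in needs_password_reset would need a reset before SSO is disabled.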