Enterprise SSO

Set up Single Sign-On (SSO) for enterprise authentication

Overview

Enterprise SSO allows organizations to use their existing identity provider for authentication in Gconv Prune. This guide covers setup and configuration for various SSO providers.

Supported Providers

SAML 2.0

  • Okta
  • Azure AD
  • OneLogin
  • PingIdentity

OpenID Connect

  • Google Workspace
  • Auth0
  • Keycloak
  • Custom OIDC providers

Configuration Steps

1. Provider Setup

Configure your identity provider settings:

# SAML Configuration Example
ACS URL: https://auth.gconvPrune.fun/saml2/callback
Entity ID: https://auth.gconvPrune.fun
Name ID Format: Email Address
Attributes:
  - email
  - firstName
  - lastName
  - groups

2. Firebase Configuration

Set up SAML configuration in Firebase:

import {getAuth, SAMLAuthProvider, signInWithRedirect} from 'firebase/auth'

// Provider ID of the SAML provider configured in Firebase
const provider = new SAMLAuthProvider('saml.your-provider')
const auth = getAuth()

// Initialize SAML auth
auth.useDeviceLanguage()
await signInWithRedirect(auth, provider)

3. User Provisioning

Handle user provisioning and group mapping:

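import {onAuthStateChanged} from 'firebase/auth'

// Handle SAML response (`auth` is the instance created in step 2)
onAuthStateChanged(auth, async (user) => {
    if (user) {
        // User is signed in
        const {displayName, email, photoURL} = user
        // getIdTokenResult() returns a Promise, so await it before reading claims
        const customClaims = await user.getIdTokenResult()

        // Map groups and permissions
        const groups = customClaims.claims['groups']
        // Set up user access based on groups
    }
})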
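
One way to fill in the "set up user access based on groups" step is a deny-by-default mapping from the groups claim to application roles. This is an added example, not Gconv Prune's own code: the group names, role names, and the helpers resolveRoles and normalizeGroups are hypothetical, and it assumes groups arrives as the top-level claim read in the snippet above.

```javascript
// Added example: deny-by-default mapping from the IdP "groups" claim to app roles.
// Group and role names are hypothetical; 'saml.your-provider' is the page's placeholder.
const EXPECTED_PROVIDER = 'saml.your-provider'
const GROUP_ROLE_MAP = new Map([
    ['gconv-admins', 'admin'],
    ['gconv-editors', 'editor'],
    ['gconv-viewers', 'viewer'],
])

// A multi-valued attribute may arrive as an array, a single-valued one as a string.
function normalizeGroups(raw) {
    const list = Array.isArray(raw) ? raw : typeof raw === 'string' ? [raw] : []
    return list
        .filter((g) => typeof g === 'string') // drop non-string entries
        .map((g) => g.trim())
        .filter((g) => g.length > 0)
}

// claims: the `claims` object of an IdTokenResult, or a server-verified ID token payload.
function resolveRoles(claims) {
    // Only honour group claims from sessions established through the expected SSO provider.
    const signInProvider = claims && claims.firebase && claims.firebase.sign_in_provider
    if (signInProvider !== EXPECTED_PROVIDER) return []

    const roles = new Set()
    for (const group of normalizeGroups(claims.groups)) {
        const role = GROUP_ROLE_MAP.get(group) // exact match; unknown groups grant nothing
        if (role) roles.add(role)
    }
    return [...roles].sort()
}

// Constructed sample claim sets (not real tokens).
const samples = [
    {firebase: {sign_in_provider: 'saml.your-provider'}, groups: ['gconv-admins', 'finance']},
    {firebase: {sign_in_provider: 'saml.your-provider'}, groups: 'gconv-viewers'},
    {firebase: {sign_in_provider: 'password'}, groups: ['gconv-admins']},
    {firebase: {sign_in_provider: 'saml.your-provider'}},
]
for (const s of samples) console.log(JSON.stringify(resolveRoles(s)))
```

Roles resolved in the browser are suitable for adjusting the UI only; run the same mapping on the backend against a verified ID token before granting access to data.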

Security Best Practices

Recommendations

  • Enable secure HTTPS endpoints
  • Implement proper session management
  • Set up appropriate timeout settings
  • Configure role-based access control (RBAC)
  • Conduct regular security audits and monitoring

Need Help?

For enterprise SSO setup assistance or custom configurations, please contact our enterprise support team.