SSO

SSO enables authentication via an organization’s Identity Provider (IdP), such as Google Workspace or Okta instead of managing usernames and passwords. Phase Two implementations of IdP connections support SAML and OpenID Connect standard protocols.

You can add and manage IdP connections through the Admin UI under the "Identity Providers" section. Documentation for the administration of IdPs can be found in the Keycloak server adminstration docs.

If you have enabled the Organization customer portal, or are using the Phase Two Connect onboarding wizards, your customers can manage their IdP connections on their own.

📄️ Setup

Once you have setup the authentication flow for SSO as described in the previous section SSO, you can create connections to the Organizations' identity providers and then associating them with the Organizations they represent.

📄️ Wizards

In order to facilitate easy setup of identity providers for single sign-on, it is possible for you to use the identity provider setup wizards that are used in the Admin Portal and the Phase Two Connect onboarding tool. This may be useful when you are meeting with a customer IT admin, in order to show them how to set up their identity provider, or to help familiarize you with interfaces for third-party identity providers.

📄️ SSO Without Auth

Many Phase Two customers use their own authentication and user management systems, and only rely on Phase Two for its comprehensive SSO support. It is not required to use both in order to get the full power of our SSO integrations and customer self-management portal.