Introduction
Configure Single Sign-On (SSO) to allow users to authenticate on the Sanas Portal and the Sanas App using your organization's existing Identity Provider (IdP). Sanas uses the SAML 2.0 protocol to integrate with your IdP for authentication and access validation.
How it works
SSO follows the following workflow to authenticate users:
The user navigates to the Sanas Portal or App.
User authentication:
Sanas Portal: User selects the SSO option on the login screen to initiate authentication.
Sanas App: User gets automatically redirected for authentication upon the Sanas App launch.
The user is redirected to the organization's IdP and follows the on-screen instructions to complete authentication.
Upon successful verification, the user is redirected back to Sanas with authorized access.
Note: The user must exist on the integrated IdP.
Automatic User Creation
Automatic User Creation is an additional feature that works alongside Auto-Activation and SSO to eliminate the requirement of manually adding users to the Portal.
When Automatic User Creation is enabled, Sanas checks whether the user exists on the Portal and acts accordingly:
If the user exists, the user is granted access to the Sanas App.
If the user does not exist, a new user account is created on the Portal, and the user is granted access to the Sanas App.
Newly created users are mapped to a Group based on the Installer ID configured on their computer. Installer IDs are unique Group identifiers found on each group's Get Sanas page. There are two types:
Group Installer ID — New users are added to the specific group associated with this ID.
Account Installer ID — New users are added to the Default Group.
Before you begin
For Portal configuration, ensure your Portal role has Group Settings and Account Settings: Full access.
If configuring SSO for Sanas App users, ensure the Installer ID has been updated on each user's machine during app installation. If not, see Update Installer ID for instructions.
Ensure the Auto-provisioning is enabled on the intended groups. Navigate to Settings > Configuration > Application Authentication > Ensure SSO or Auto-activation is configured > Ensure the Automatic User Creation toggle is enabled.
.png?sv=2022-11-02&spr=https&st=2026-05-06T18%3A55%3A40Z&se=2026-05-06T19%3A08%3A40Z&sr=c&sp=r&sig=4im6110ucD4on%2B8CaawLTtwMRiEOZSLHUEWYa5gB2v0%3D)
Ensure you have administrative privileges on your IdP platform to complete the integration.
Ensure all intended users are added to the IdP before enabling SSO.
Ensure all intended Portal users are added to the Sanas Portal before enabling SSO. See Manage Portal Users for instructions.
Configure SSO
Follow the steps below to configure SSO:
Step 1: Gather integration details from the Sanas Portal
Log in to the Sanas Portal with your credentials.
Navigate to Settings > Configuration > SSO Settings.
Click Add SSO Provider.
.png?sv=2022-11-02&spr=https&st=2026-05-06T18%3A55%3A40Z&se=2026-05-06T19%3A08%3A40Z&sr=c&sp=r&sig=4im6110ucD4on%2B8CaawLTtwMRiEOZSLHUEWYa5gB2v0%3D)
Enter your IdP name.
Copy the following details and save them securely — you'll need these to complete the integration on your IdP:
Identifier
Reply URL
.png?sv=2022-11-02&spr=https&st=2026-05-06T18%3A55%3A40Z&se=2026-05-06T19%3A08%3A40Z&sr=c&sp=r&sig=4im6110ucD4on%2B8CaawLTtwMRiEOZSLHUEWYa5gB2v0%3D)
Gather integration details from the Portal.
Log in to the Sanas Portal with your credentials.
Navigate to Settings > Configuration > SSO Settings.
Click Add SSO provider.
.png?sv=2022-11-02&spr=https&st=2026-05-06T18%3A55%3A40Z&se=2026-05-06T19%3A08%3A40Z&sr=c&sp=r&sig=4im6110ucD4on%2B8CaawLTtwMRiEOZSLHUEWYa5gB2v0%3D)
Enter an SSO name.
Copy the following details and save them securely. We will need these details for the integration:
Identifier
Reply URL
.png?sv=2022-11-02&spr=https&st=2026-05-06T18%3A55%3A40Z&se=2026-05-06T19%3A08%3A40Z&sr=c&sp=r&sig=4im6110ucD4on%2B8CaawLTtwMRiEOZSLHUEWYa5gB2v0%3D)
Step 2: Complete the SAML 2.0 integration on your IdP
Configure the SAML integration on your IdP platform using the Identifier and Reply URL copied in Step 1.
Map the following attributes during the SSO configuration:
Attribute
Value
Description
usernameUserID or Email
Unique identifier for the user.
nameUser name
Display name for the user.
Once the integration is complete, download or copy the X-509 certificate metadata from your IdP. You'll need this to finalize the configuration on the Sanas Portal. Below are reference resources for common IdP platforms:
Step 3: Complete the SSO configuration on the Sanas Portal
If you downloaded the X-509 certificate as a file, open it in a text editor and copy its content.
Return to the SSO Settings page on the Sanas Portal and paste the certificate content.
.png?sv=2022-11-02&spr=https&st=2026-05-06T18%3A55%3A40Z&se=2026-05-06T19%3A08%3A40Z&sr=c&sp=r&sig=4im6110ucD4on%2B8CaawLTtwMRiEOZSLHUEWYa5gB2v0%3D)
Click Save.
(Optional) Enable the Lock Configuration toggle to prevent subgroups from modifying the SSO provider integration. See Lock Configuration to learn more.
Step 4: Configure the authentication mode
After integrating the IdP, set SSO as the authentication mode:
Select a group on the Group Tree for which you want to enable SSO authentication. Alternatively, select Account to apply SSO across all groups.
Navigate to Settings > Configuration > Application Authentication.
Select SSO from the list.
Click Save to apply the changes.
Ensure the Automatic User Creation toggle is enabled.
(Optional) Enable the Lock Configuration toggle to enforce SSO as the authentication mode for all subgroups. See Lock Configuration to learn more.
Select a group on the Group Tree for which you want to enable SSO authentication. Alternatively, select Account to apply SSO across all groups.
Navigate to Settings > Configuration > Portal Authentication.
Select your configured IdP from the list.
Click Save to apply the changes.
Support
Need help? Get in touch with our Support Team for assistance.