What is SSO (Single sign-on)?
With SSO, your colleagues can sign in using your company's identity provider - e.g. Azure AD, Okta etc. - and automatically gain access to Colossyan. This provides a seamless experience, reduces password fatigue, and improves security across your systems. When users access a protected app, they’re redirected to your organization’s login page. They are automatically granted access if they are signed in.
How to initiate the integration process?
SSO is provided only for enterprise clients. Firstly, you have to reach out to your sales representative or customer success manager from Colossyan. Please share the following information with them:
- Your Identity Provider
- The protocol you plan to do the integration with
Based on that, after confirmation, we can begin with the integration.
Currently supported identity providers and protocols
We have a working integration for all the providers marked with ✅; we officially support them.
If your provider is not listed here or you use OIDC with a provider different than Microsoft Entra ID, send us a message and we will look into it.
| Identity provider/SSO method | OIDC | SAML |
|---|---|---|
| Microsoft Entra ID | ✅ | ✅ |
| Okta | ❌ | ✅ |
| Pingfederate | ❌ | ✅ |
| Other | ❌ | ⌛ |
Integration using Microsoft Entra Id SAML
After confirmation, you should receive a custom entity ID that will be needed for the following process.
Configuration is needed on Microsoft Azure. It is important that these steps require administrator access. The steps to take during configuration are in the Microsoft documentation. It is important to use this Identifier (Entity ID): urn:auth0:colossyan:<custom entity id> instead of the provided one.
Once the above steps are completed, the following additional configuration should be done.
The callback URL has to be added to the allowed redirect URLs.
The method:
- On the Main directory page navigate to App registrations
- Select All applications
- Select Colossyan SAML
- Click on Authentication on the left sidebar
- Under platform configurations have this value configured as a Web redirect URI: https://auth.app.colossyan.com/login/callback
After the configuration, Colossyan will need the Certificate (raw) and the Login URL from the SAML configuration page. These values are highlighted in the Microsoft tutorial. Additionally, please provide the email domain(s) that your users will use to access Colossyan and send us these details!
Integration using Microsoft Entra Id OIDC
Colossyan is available as a pre-integrated application in the Azure Entra ID Gallery, offering OpenID Connect (OIDC) support out of the box. This means no manual client secret exchange is required - Microsoft handles the configuration securely and internally.
However, there is an important step required to enable user access:
By default, standard users in your organization cannot access Colossyan via OIDC until the application is approved by an administrator.
To enable this:
- An Azure Entra ID administrator must log in to Colossyan using OIDC.
- During the first login, they will be prompted to grant consent on behalf of the organization.
- Once this consent is granted, all authorized users in the directory will be able to access Colossyan through OIDC without requiring further admin approval.
This one-time approval ensures a seamless and secure SSO experience for your entire organization.
Other SAML
Please reach out to your sales representative or customer success manager about a possible integration for other Identity Providers.