Contents x
      Setting Up Single Sign On (SSO)
      • 18 Feb 2025
      • 1 Minute to read
      • Contributors
      • Print
      • Dark
        Light
      Contents

      Setting Up Single Sign On (SSO)

      • Updated on 18 Feb 2025
      • 1 Minute to read
      • Contributors
      • Print
      • Dark
        Light
      Article summary

      Users can log in to RealTheory using Single Sign-On (SSO) if your identity provider uses the OAuth 2.0 protocol.

      Prerequisites

      To set up SSO, you must have the following:

      • An SSO identity provider that supports the OAuth 2.0 / OIDC protocol
      • A RealTheory integration with your selected SSO identity provider, set up as an OIDC Web App with the Web Application type and the Authorization Code grant type
        Okta Example: See https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/#set-up-your-app, where Proof Key for Code Exchange (PKCE) must not be enabled and the OAuth Callback URL can be found in Settings > Identity in the RealTheory console
      • One of the following assigned to your user account:
        • The sys_admin role
        • The sso_admin role and the group_admin role
      • Certain information about your identity provider such as your client ID and secret, the authorization URL, and the access token URL

      Procedure

      1. Navigate to Settings > Identity.
      2. Complete the following information:
        FieldDescriptionRequired
        NameName for your SSO - OAuth 2.0 profileYes
        DescriptionComments that will help you remember the purpose and scope of the configurationNo
        OAuth Authorize URLThe identity provider endpoint where users initiate the authorization processYes
        OAuth Access Token URLThe identity provider endpoint where RealTheory sends a request to exchange the authorization code for an access tokenYes
        Client IDClient ID issued by your identity providerYes
        Client SecretClient secret associated with your client IDYes
      3. Currently, the only supported Grant Type is authorization_code; this value should be selected by default.
      4. Currently, the only supported Scope is openid; this value should be selected by default.
      5. In Default Group Membership, click Add to select which group(s) new users must be added to by default.
        Note: This group assignment is a default assignment; manage each user's group assignment(s) in Settings > Team > Users.
      6. Verify the provided information and then click Configure SSO - Provider.
        Users can now use SSO to sign in to RealTheory.
      Was this article helpful?
      What's Next
      RealTheory logo
      • The Kubernetes Intelligence Platform
      Support
      Follow Us
      Copyright © RealTheory, Inc. All Rights Reserved