Single Sign-On (SSO)

USP supports Single Sign-On (SSO) for administrative Users via external identity providers. This allows organizations to centralize access management and enable seamless login experiences using existing enterprise identity platforms.

USP currently supports the following SSO protocols:

Supported SSO Methods

SAML SSO

Integrate USP with SAML 2.0-compliant identity providers such as Okta, Entra ID, and others.

OIDC SSO

Enable login via OpenID Connect providers like Okta, Entra ID, Auth0, and more.

info

SSO in USP allows you to authenticate Users to the USP Admin UI through external identity providers without managing passwords directly in USP. Roles and identity attributes can be mapped dynamically via SSO Mappings.

After configuring an SSO provider, you must create the appropriate SSO Mapping to define how identity and authorization attributes (like Username, Email, and Role) are interpreted by USP:

• SAML SSO Mapping: Attribute mapping for SAML-based identity providers.
• OIDC SSO Mapping: Attribute mapping for OIDC/OAuth 2.0 providers.