Managing SSO Clients

Managing your customers' SSO clients is an important part of providing a smooth integration experience for your users. This page covers common settings and best practices for SSO.

The SSO Dashboard provides a centralized view of all your customers' active SSO clients, allowing you to manage users and SSO settings in one location.

Each client lists the users who have logged in to your product using that SSO client. Each connection also has settings such as Email Domain Allowlist and Redirect URL. If the customer also has SCIM enabled, you will see a SCIM Matching tab.

Clicking on an SSO user in the dashboard will bring up a detailed view of that user. Here you can see information such as their email, name, and when they last logged in.

Importantly, you can also see the full JSON that we received from the identity provider. This can be useful for troubleshooting issues with user attributes or claims (e.g. my customer says they are sending a custom attribute, but I don’t see it).

Two settings, Email Domain Allowlist and Redirect URL, can be set and updated via the Create OIDC Client and Patch OIDC Client functions. Alternatively, you can update these two settings in the Dashboard by clicking on the Settings tab when viewing an SSO client.

The Email Domain Allowlist setting adds control over who can and cannot log in via an SSO client. This setting is optional, but recommended. See here for more information on why this is important.

If an allowlist is in place and a user without a listed domain attempts a login, you'll receive a LoginBlockedByEmailAllowlist error when completing the OIDC login.
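
To make the behavior concrete, here is an added illustration of the kind of check an email domain allowlist performs; it is not this product's implementation. It assumes exact, case-insensitive matching on the domain of the email the identity provider returned; the function names and sample addresses are constructed, and the exception class is a local stand-in named after the error above.

```python
# Added illustration: matching rules and names are assumptions, not the product's code.


class LoginBlockedByEmailAllowlist(Exception):
    """Local stand-in named after the error the page mentions."""


def normalize_domain(domain):
    # Compare case-insensitively and ignore a trailing root dot.
    return domain.strip().rstrip(".").lower()


def login_allowed(email, allowlist):
    """Return True if the email's domain is on the allowlist."""
    if not allowlist:
        return True  # the setting is optional: no allowlist, no restriction
    # Use the text after the LAST "@" so "example.com@other.test" is judged
    # by "other.test", not by the allowlisted string in its local part.
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return False  # no usable address in the IdP response
    allowed = {normalize_domain(d) for d in allowlist}
    # Exact match only: no suffix or substring matching, so look-alike
    # domains and unlisted subdomains are rejected.
    return normalize_domain(domain) in allowed


def complete_login(email, allowlist):
    """Raise the stand-in error when the allowlist blocks the login."""
    if not login_allowed(email, allowlist):
        raise LoginBlockedByEmailAllowlist(email)
    return email


if __name__ == "__main__":
    allowlist = ["example.com"]  # constructed sample values below
    for addr in [
        "alice@example.com",
        "Alice@EXAMPLE.com",
        "bob@evil-example.com",
        "bob@example.com.other.test",
        "bob@sub.example.com",
        "example.com@other.test",
        "no-at-sign",
    ]:
        print(f"{addr:32} allowed={login_allowed(addr, allowlist)}")
```

Under these assumptions a subdomain such as `sub.example.com` has to be listed explicitly before its users can log in.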

The Redirect URL setting is where the user should be redirected to after logging into their identity provider. Depending on your setup, this value may be identical across all SSO clients. This value should also be given to your customer so they can add it to their IdP as a valid callback URL. See the example setup guides for details.