Skip to content

SSO Overview in rConfig V8 Core: SAML and OAuth

Single Sign-On (SSO) lets users authenticate to rConfig V8 Core with their existing organizational Identity Provider (IdP) credentials instead of a separate rConfig password. After reading this page you understand how SSO works in V8 Core, which identity providers are supported, and the administrator approval step that gates every new SSO user.

rConfig V8 Core supports both SAML 2.0 and OAuth authentication, so it integrates with most enterprise identity management systems. Centralizing authentication at your IdP simplifies onboarding, gives you one place to manage access, and applies your existing security policies (including MFA and conditional access) to rConfig.

rConfig V8 Core has been tested and verified with the following identity providers. Each verified provider has a dedicated setup guide.

Identity providerProtocolrConfig V8 Core supportSetup guide
Microsoft Entra ID (Azure AD)SAML 2.0 / OAuthVerifiedMicrosoft SSO setup
OktaSAML 2.0VerifiedOkta SSO setup
Google WorkspaceOAuth 2.0VerifiedGoogle SSO setup
ShibbolethSAML 2.0VerifiedShibboleth SSO setup
Generic SAML 2.0SAML 2.0SupportedGeneric SAML setup

When SSO is configured, the authentication flow runs as follows:

  1. The user opens the rConfig login page and selects SSO authentication.
  2. rConfig redirects the user to the configured identity provider.
  3. The user authenticates with their organizational credentials at the IdP.
  4. The IdP returns a SAML assertion or OAuth token to rConfig.
  5. rConfig validates the response and creates a user account if one does not already exist.
  6. The user is told that administrator approval is required before access is granted.
  7. An rConfig administrator signs in, navigates to Users, and enables SSO access for the new user.
  8. Once approved, the user authenticates through SSO and accesses rConfig with role-based permissions.
  • Centralized access management: control user access from your existing identity provider instead of managing separate rConfig credentials.
  • Existing security policies: apply your organization’s MFA and conditional access rules to rConfig sign-ins.
  • Controlled approval: the administrator approval step keeps unauthorized users out even when IdP authentication succeeds.
  • Simpler user experience: users sign in with the organizational credentials they already use elsewhere.
  • Provisioning with approval: new users are created automatically on first SSO login but stay disabled until an administrator approves them.
  • Auditing: combine your IdP’s authentication logs with rConfig’s approval workflow for a centralized audit trail.
  • Administrator access to rConfig V8 Core.
  • Administrator access to your identity provider.
  • The ability to generate and exchange metadata or configuration details between rConfig and your IdP.
  • A process for reviewing and approving new SSO user access requests.

After SSO is configured, the typical onboarding sequence for a new user is:

  1. A first-time user authenticates successfully through the IdP.
  2. rConfig creates a user account with SSO access disabled by default.
  3. The user sees a message indicating that administrator approval is required.
  4. An rConfig administrator reviews the pending user under Users.
  5. The administrator enables SSO access for that user.
  6. The user can now sign in to rConfig through SSO.

This approval workflow adds a security layer so that successful IdP authentication alone does not expose sensitive network configuration data.

Single Sign-On (SSO) lets users authenticate to rConfig V8 with their existing organizational Identity Provider (IdP) credentials instead of a separate rConfig password. It centralizes authentication policy, streamlines access management, and lets users sign in with the credentials they already use across your organization.

Which identity providers does rConfig V8 support?

Section titled “Which identity providers does rConfig V8 support?”

rConfig V8 is tested and verified with Microsoft Entra ID (Azure AD), Okta, Google Workspace, and Shibboleth, and supports any generic SAML 2.0 provider. Additional providers from the Socialite Providers library can be integrated on request. Each verified provider has a dedicated setup guide.

Do SSO users get access to rConfig automatically?

Section titled “Do SSO users get access to rConfig automatically?”

No. A successful SSO login alone does not grant access. rConfig creates the user account with SSO access disabled, and an administrator must navigate to Users and explicitly enable access for that person. This approval workflow ensures only authorized users reach network configuration data, even with valid IdP credentials.

How does the SSO authentication flow work?

Section titled “How does the SSO authentication flow work?”

The user selects SSO on the rConfig login page and is redirected to your identity provider. After they authenticate at the IdP, it returns a SAML assertion or OAuth token to rConfig. rConfig validates the response, provisions the account if needed, and grants access once an administrator has approved the user.