SSO Overview in rConfig V8 Core: SAML and OAuth
Single Sign-On (SSO) lets users authenticate to rConfig V8 Core with their existing organizational Identity Provider (IdP) credentials instead of a separate rConfig password. After reading this page you understand how SSO works in V8 Core, which identity providers are supported, and the administrator approval step that gates every new SSO user.
rConfig V8 Core supports both SAML 2.0 and OAuth authentication, so it integrates with most enterprise identity management systems. Centralizing authentication at your IdP simplifies onboarding, gives you one place to manage access, and applies your existing security policies (including MFA and conditional access) to rConfig.
Supported identity providers
Section titled “Supported identity providers”rConfig V8 Core has been tested and verified with the following identity providers. Each verified provider has a dedicated setup guide.
| Identity provider | Protocol | rConfig V8 Core support | Setup guide |
|---|---|---|---|
| Microsoft Entra ID (Azure AD) | SAML 2.0 / OAuth | Verified | Microsoft SSO setup |
| Okta | SAML 2.0 | Verified | Okta SSO setup |
| Google Workspace | OAuth 2.0 | Verified | Google SSO setup |
| Shibboleth | SAML 2.0 | Verified | Shibboleth SSO setup |
| Generic SAML 2.0 | SAML 2.0 | Supported | Generic SAML setup |
How SSO works in rConfig V8 Core
Section titled “How SSO works in rConfig V8 Core”When SSO is configured, the authentication flow runs as follows:
- The user opens the rConfig login page and selects SSO authentication.
- rConfig redirects the user to the configured identity provider.
- The user authenticates with their organizational credentials at the IdP.
- The IdP returns a SAML assertion or OAuth token to rConfig.
- rConfig validates the response and creates a user account if one does not already exist.
- The user is told that administrator approval is required before access is granted.
- An rConfig administrator signs in, navigates to Users, and enables SSO access for the new user.
- Once approved, the user authenticates through SSO and accesses rConfig with role-based permissions.
Key benefits
Section titled “Key benefits”- Centralized access management: control user access from your existing identity provider instead of managing separate rConfig credentials.
- Existing security policies: apply your organization’s MFA and conditional access rules to rConfig sign-ins.
- Controlled approval: the administrator approval step keeps unauthorized users out even when IdP authentication succeeds.
- Simpler user experience: users sign in with the organizational credentials they already use elsewhere.
- Provisioning with approval: new users are created automatically on first SSO login but stay disabled until an administrator approves them.
- Auditing: combine your IdP’s authentication logs with rConfig’s approval workflow for a centralized audit trail.
What you need before configuring SSO
Section titled “What you need before configuring SSO”- Administrator access to rConfig V8 Core.
- Administrator access to your identity provider.
- The ability to generate and exchange metadata or configuration details between rConfig and your IdP.
- A process for reviewing and approving new SSO user access requests.
User access approval workflow
Section titled “User access approval workflow”After SSO is configured, the typical onboarding sequence for a new user is:
- A first-time user authenticates successfully through the IdP.
- rConfig creates a user account with SSO access disabled by default.
- The user sees a message indicating that administrator approval is required.
- An rConfig administrator reviews the pending user under Users.
- The administrator enables SSO access for that user.
- The user can now sign in to rConfig through SSO.
This approval workflow adds a security layer so that successful IdP authentication alone does not expose sensitive network configuration data.
Frequently asked questions
Section titled “Frequently asked questions”What is Single Sign-On (SSO)?
Section titled “What is Single Sign-On (SSO)?”Single Sign-On (SSO) lets users authenticate to rConfig V8 with their existing organizational Identity Provider (IdP) credentials instead of a separate rConfig password. It centralizes authentication policy, streamlines access management, and lets users sign in with the credentials they already use across your organization.
Which identity providers does rConfig V8 support?
Section titled “Which identity providers does rConfig V8 support?”rConfig V8 is tested and verified with Microsoft Entra ID (Azure AD), Okta, Google Workspace, and Shibboleth, and supports any generic SAML 2.0 provider. Additional providers from the Socialite Providers library can be integrated on request. Each verified provider has a dedicated setup guide.
Do SSO users get access to rConfig automatically?
Section titled “Do SSO users get access to rConfig automatically?”No. A successful SSO login alone does not grant access. rConfig creates the user account with SSO access disabled, and an administrator must navigate to Users and explicitly enable access for that person. This approval workflow ensures only authorized users reach network configuration data, even with valid IdP credentials.
How does the SSO authentication flow work?
Section titled “How does the SSO authentication flow work?”The user selects SSO on the rConfig login page and is redirected to your identity provider. After they authenticate at the IdP, it returns a SAML assertion or OAuth token to rConfig. rConfig validates the response, provisions the account if needed, and grants access once an administrator has approved the user.
What’s next
Section titled “What’s next”- Microsoft SSO setup configure Entra ID (Azure AD) as your identity provider.
- Google SSO setup connect Google Workspace using OAuth 2.0.
- Okta SSO setup set up Okta with SAML 2.0.
- Shibboleth SSO setup integrate a Shibboleth SAML 2.0 provider.
- Generic SAML setup configure any other SAML 2.0 compliant provider.
- User management approve SSO users and assign roles and permissions.