Single Sign-On (SSO) lets users access multiple apps with one set of login credentials. This creates a smoother experience and centralizes authentication, which improves security and makes access easier to manage.

How does Orum do SSO?

Orum uses Auth0, a trusted enterprise identity platform, to provide seamless and secure SSO. Your team can log in using your existing identity provider—such as Okta, Azure AD, Google Workspace, and others—without managing separate usernames or passwords.

We support industry standards like SAML, OpenID Connect, and OAuth 2.0, making setup fast and flexible. Once enabled, your users get a simple, secure login experience, and your IT team maintains full control over access and user management.

Getting started with SSO

To enable Single Sign for your organization:

1. As an admin, navigate to the org settings page. From that page, navigate to the System Settings and down to the “Single Sign-On” setting. If you don’t see this setting, there may be some conflict preventing your org from enabling SSO. If this happens, please contact support.

2. Once enabled, you will see more settings related to SSO and a button that allow you to send a configuration link. This enables you to send a self-service configuration link to configure SSO with your identity provider. The person configuring SSO does not require access to Orum to make this configuration changes.

3. Click on “Send configuration email” to open the modal to open the modal to input the email addresses for the configuration link.

4. Click send to send the configuration link to one or more of your IdP administrators.

5. The administrator configuring SSO will not need direct access to Orum to configure SSO and should be able to test the connection without granting themselves access to Orum.By default, access ticket URLs remain valid for five days after generation. After accessing the ticket URL, the admin has five hours to complete their setup. An access ticket URL can be accessed a maximum of 10 times; once this limit is reached, a new access ticket must be requested.

   Upon receiving the link, the admin will be able to leverage the link to self-service the SSO configuration. This same process can be repeated to self-service configuration changes as needed in the future.

   Please note: Follow the directions on the set up guide to configure and test SSO for your organization. This requires intimate knowledge of your IdP and parts of the set up will be IdP specific. More information about the supported IdPs and the fields/information required to configure them can be found on Auth0’s website.

1. In addition to configuring your IdP, you’ll be asked to verify domain ownership. This requires access to the authoritative DNS server for your email domains. This process can sometimes take 24-48hrs. To speed up the process, in the case of incorrect configuration, we recommend keeping the TTL placed on your DNS records short. Because this process can take an extended period of time, and the ticket expirations mentioned in the previous step, you may need to regenerate a configuration link if you require more than the 5hrs available to complete configuration.

Restricting access to only the SSO authentication method

By default, Orum allows any integration to be used as an authentication method to log into Orum. However, it is common that an organization may choose to restrict authentication to only the SSO method. Orum can be configured with such a restriction. Once this option is selected, no other authentication method will be accepted. In the case where our third party provider, Auth0, is down, access to Orum will not be possible unless this option is disabled. In the case this does happen, we can disable this option temporarily to resolve access issues, until Auth0 is back up. If you need to temporarily disable this option, please contact support for assistance.

Although you should be able to test the IdP configuration during the set up process, we highly recommend that you test with at least one user before enforcing it as the only login method.