Single Sign-On (SSO)

ALTCHA Sentinel supports Single Sign-On (SSO) integration with multiple providers using OpenID Connect (OIDC) or LDAP protocols.

Note

Enterprise Feature: SSO capabilities are exclusively available with the Enterprise license plan.

Supported SSO Providers

OpenID Connect (OIDC)

The following OIDC providers are currently supported:

• Microsoft Azure
• Google Workspace
• Keycloak
• Okta

Configuration Requirements

All OIDC providers require:

• clientId - Your application’s client identifier
• clientSecret - Your application’s secret key

Obtain these credentials from your provider’s administration console before configuration.

Azure AD

SSO_AZURE=?clientId={clientId}&clientSecret={clientSecret}

Google Workspace

SSO_GOOGLE=?clientId={clientId}&clientSecret={clientSecret}

Keycloak

SSO_KEYCLOAK=https://your-keycloak-domain:8080/?realm={realm}&clientId={clientId}&clientSecret={clientSecret}

Okta

SSO_OKTA=https://{your-account}.okta.com/?clientId={clientId}&clientSecret={clientSecret}

LDAP/Active Directory

For LDAP-based authentication (including Active Directory):

SSO_LDAP=ldap://your-ldap-server:389?userDn=dc=your-domain,dc=com

Disabling Password Login

To enhance security, it is recommended to disable built-in password login by setting the environment variable PASSWORD_LOGIN_ENABLED=0. This restricts authentication to configured Single Sign-On (SSO) options only.

Support

For assistance with SSO configuration or troubleshooting, please contact support.

Remember that all SSO features require an Enterprise license.