<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2728387060522524&amp;ev=PageView&amp;noscript=1">
Skip to content
Contact us Customer support portal
  • There are no suggestions because the search field is empty.

Single sign-on (SSO)

Learn how to use the Single sign-on (SSO) authentication method on the Parashift platform

This article explains how to set up Single Sign-On (SSO) for your Parashift tenant.
Since SSO configuration cannot be done directly in the Parashift web interface, the setup is completed in cooperation with Parashift Support.

You can choose between:

  • Using the Parashift Platform OpenID Connect (OIDC) multi-tenant Azure application (simplest option), or

  • Using your own OpenID Connect (OIDC) or SAML provider

Option 1: Use the Parashift Platform app (Recommended)

This is the simplest and fastest way to enable SSO if you are using Microsoft Entra ID (Azure AD).

How it works

  • Parashift Support links your (parent) tenant to the built-in Microsoft Graph SSO provider.

  • Users sign in using the “Sign in with Microsoft” button.

  • Your Microsoft admin approves the Parashift Platform app once, during the first login attempt.

Steps

  1. Contact Parashift Support
    Ask them to associate your (parent) tenant with the microsoft_graph SSO IDP.

  2. Admin approval (client side)

    • When the first user attempts to log in, Microsoft will automatically create an app approval request.

    • A Microsoft tenant admin must approve the Parashift Platform app.

  3. User login

    • After approval, users can log in using Sign in with Microsoft.

Why Recommended?

✅ No client secret management required
✅ Minimal setup effort
✅ Recommended for Microsoft-based environments

Option 2: Use your own OpenID Connect (OIDC) provider

If you prefer to use your own identity provider (e.g. Auth0, Okta, custom Azure AD app), Parashift can configure a dedicated SSO integration for you.

Step 1: Contact Parashift Support

SSO cannot be configured via the web interface. Contact Parashift Support and provide:

  • Tenant ID

  • Tenant name

  • The SSO provider you want to use (e.g. Azure AD, Auth0, Okta)

Step 2: Prepare the Application on the IdP Side

On your identity provider:

  • Create an OIDC or SAML application/client according to your IdP’s requirements

  • Collect the following details:

    • Client ID

    • Client Secret

    • Discovery URL / metadata endpoint
      (for example:
      https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration)

Step 3: Share the Details with Parashift

Send the following information to Parashift Support:

  • Client ID

  • Client Secret

  • Discovery URL or metadata endpoint

  • Indication of which IDP should be used

  • Confirmation of the callback/redirect URI, if required
    (e.g. https://id.parashift.io/oidc/sso_callback)

Parashift Support will then complete the internal configuration and link the SSO provider to your tenant.

Ongoing Maintenance

  • Users will log in using the “Log in with SSO” button.

  • Your admin team is responsible for:

    • Rotating the client secret

    • Providing the updated secret to Parashift Support before it expires

⚠️ Secret rotation is mandatory to avoid login disruptions.

Note: SSO is only available for customers with a Parashift Endclient Subscription.