Single Sign-On (SSO) with OpenID Connect (OIDC)

Enterprise plans in Kanban Zone will have access to Single Sign-On.

OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework. OIDC allows Kanban Zone members to use single sign-on (SSO) to access Kanban Zone using an OpenID Identity Provider (IdP) to authenticate their identities.

Organizations within Kanban Zone can choose to enforce SSO for all members of their Kanban Zone organization or configure select members to bypass SSO and log in with their Kanban Zone email address.

What you will need

  1. An Enterprise Plan in Kanban Zone
  2. An OpenID Connect (OIDC) compatible Identity Provider (IdP)
  3. Your IdP Issuer URL/Base URL
  4. Your IdP Application Client ID
  5. The Kanban Zone redirect URI – https://kanbanzone.io/login/sso/complete
    1. This is used within your IdP application setup when prompted for a redirect URI
  6. Access to the Kanban Zone SSO Organization Configuration
    1. The Organization Owner of Kanban Zone will have access
    2. Any Kanban Zone member with Security Permissions will have access. For more information on permissions, see our manage members article

IdP Setup and Configuration

  1. Set up your Implicit Grant and Hybrid Flows (Grant Type) to:
    1. Allow Hybrid Flow
    2. Allow ID Tokens with Implicit Grant Types

Kanban Zone Setup and Configuration

  1. Navigate to the Organization Settings by clicking your avatar in the top right and then clicking Organization Settings from the menu
  2. From the left navigation, choose Single Sign-On (SSO)
  3. Enter your Issuer URL provided by your IdP
  4. Enter your Kanban Zone application client ID provided by your IdP
  5. The test connection button can be used to verify your Issuer URL.
  6. Choose your login behavior overrides
    1. A login behavior override allows select members of your Kanban Zone organization to use their Kanban Zone credentials to gain access to Kanban Zone and bypass using their SSO credentials
    2. Members who are added to your login behavior override lists will show a ‘Bypass’ badge in your organization member management screen. See Manage Members Organization – Badges section for more information
  7. Save your changes using the SAVE button at the top right of your configuration screen

A member of Kanban Zone can ONLY use SSO credentials when they belong to a single organization. If the Kanban Zone member belongs to more than one organization, they will ONLY be allowed to access Kanban Zone with their Kanban Zone email and password.

If a multi-organizational Kanban Zone member is invited to your SSO organization, they will not have access to your organization unless you add them to your login overrides to bypass using SSO.

Once bypassed, this member can log in with their Kanban Zone credentials and be granted access to your organization.

This approach is often used for vendors or third-party members who belong to multiple Kanban Zone organizations OR do not exist in your IdP.

8. Once you have configured your SSO, it needs to be enabled.
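
Before enabling SSO, an administrator can check the IdP's discovery document against the Issuer URL and grant settings described above. This is an added example, not Kanban Zone's own test connection code. The IdP at idp.example.com, the sample document, and the choice of `id_token` and `code id_token` as the response types to look for are assumptions, since the page does not say which response type Kanban Zone requests.

```python
from urllib.parse import urlsplit

# Assumed response types for the two IdP settings on this page:
# "id_token" (ID tokens with implicit grant) and "code id_token" (hybrid flow).
NEEDED_RESPONSE_TYPES = [{"id_token"}, {"code", "id_token"}]
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "jwks_uri",
                   "response_types_supported")


def discovery_url(issuer):
    """Discovery document location for an issuer (OIDC Discovery 1.0, section 4)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(configured_issuer, doc):
    """Return a list of problems; an empty list means the document is usable."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in doc]
    parts = urlsplit(configured_issuer)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    # The issuer in the document must equal the configured value exactly;
    # OIDC Core requires clients to check an ID token's iss claim against it too.
    if doc.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: document says {doc.get('issuer')!r}")
    # Response types are space-separated sets, so "id_token code" == "code id_token".
    offered = [set(rt.split()) for rt in doc.get("response_types_supported", [])]
    for needed in NEEDED_RESPONSE_TYPES:
        if needed not in offered:
            problems.append("response type not offered: " + " ".join(sorted(needed)))
    for key in ("authorization_endpoint", "jwks_uri"):
        if key in doc and urlsplit(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    return problems


# Constructed sample document for a hypothetical IdP at idp.example.com.
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "response_types_supported": ["code", "id_token", "id_token code"],
}

if __name__ == "__main__":
    print(discovery_url("https://idp.example.com/tenant1"))
    print(check_discovery("https://idp.example.com/tenant1", SAMPLE_DOC))   # no problems
    print(check_discovery("https://idp.example.com/tenant1/", SAMPLE_DOC))  # trailing slash
```

To check a real IdP, fetch the JSON at `discovery_url(issuer)` and pass the parsed document to `check_discovery` together with the exact Issuer URL you plan to enter.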


Login with SSO

If SSO is enabled for your organization in Kanban Zone, members can now log in using their Kanban Zone email and SSO credentials.

  1. Navigate to https://kanbanzone.io/login and choose Login with SSO or navigate directly to https://kanbanzone.io/login/sso
  2. Enter your email address
    1. Your IdP email address is the same as your Kanban Zone email address from your confirmed signup
    2. Your IdP will then prompt you for your password