Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Users

Single Sign On

search

Please Note:

Single Sign On

Single Sign-On

Introduction to Single Sign-On (SSO)

Single Sign-On (SSO) enables users to authenticate once and access multiple applications and services without logging in again. SSO improves the user experience and enhances security through centralized authentication.

Note

DPoD currently supports SSO federation via OIDC. Additional integration types may be validated on a request basis.

Key Concepts

  • Identity Provider (IdP): Manages user identities and authenticates users.
  • Service Provider (SP): Application or service the user wishes to access.
  • OpenID Connect (OIDC): Authentication protocol built on OAuth 2.0.

SSO Configuration Process

To request SSO setup, submit a request via the Support Portal. Client Services will gather the required information and provide a secure deposit box link for file transfer.

Prerequisites

Before you begin, ensure you have the following:

  • An active IdP subscription supporting OIDC.
  • Administrative privileges for your organization's IdP.
  • A Data Protection on Demand account with at least one Tenant Administrator.
  • Authorization from the tenant owner to request SSO.
  • An email domain matching the domain you wish to add to SSO.
Step 1: Submit Your SSO Request
  1. Submit your SSO request via the Support Portal.
  2. Client Services will respond with an overview of the process to confirm you'd like to proceed.
  3. Client Services will ask for:
    • Integration type (currently OIDC; other integration types may be validated on a request basis)
    • Email domain

Note

Once the SSO has been enabled all previously used login methods are removed. However, logins that were created inside DPOD services will continue to function as before.

Step 2: Configure Data Protection on Demand
  1. Client Services sends you a deposit box URL and access code through the support ticket. They’ll also provide information regarding affected tenants and users, along with a configuration template for OIDC.
  2. The template will request:
    • Email domain to be enabled for SSO
    • Well-known endpoint for your IdP
    • Initial user email for testing
    • OIDC: Client ID/Secret
  3. Upload the completed form to the Deposit Box.

Note

The deposit box is single-use. If you need to submit new or corrected information, request a new deposit box link from Thales Client Services.

Step 3: Test Initial User Access
  1. Test SSO using the designated user.
  2. Confirm successful configuration with Client Services and authorize migration of remaining users.
  3. Client Services will notify users that their accounts have been enabled for SSO.

Step 4: Test and Confirm

  1. Client Services asks you to confirm SSO access for users.
  2. Review your tenant’s user list to ensure users are showing as external authentication. Any users with emails outside your IdP domain (e.g., Gmail) will remain on local authentication and should be removed if not needed.
  3. Once confirmed, Client Services will close the case.

Logging in to DPoD Using SSO

  1. Go to the DPoD login page.
  2. Click SSO Login.
  3. Enter the user's email address.
  4. You will be redirected to your organization's Identity Provider (IdP) page.
  5. Log in with your IdP credentials.
  6. Verify successful login to the DPoD platform.

On this page