Understanding Single Sign-On (SSO) with StrataSite
StrataSite supports flexible Single Sign-On (SSO) configurations to help streamline user authentication across organizations. We provide Inbound SSO options, supporting industry-standard protocols like SAML 2.0 and OAuth 2.0.
This article provides an overview of how SSO works with StrataSite, including key concepts like user provisioning, identity federation, and how to pass user metadata.
🔐 What is Single Sign-On (SSO)?
Single Sign-On (SSO) allows users to log in once and access multiple systems or applications without re-entering their credentials. It improves security and simplifies the user experience across platforms.
📥 Inbound SSO (StrataSite as a Service Provider)
StrataSite can act as a Service Provider (SP). This allows users to authenticate via your organization’s identity provider (IdP), such as Okta, Azure AD, Google Workspace, or any other SAML 2.0 or OAuth 2.0 compliant provider.
Supported Protocols:
- SAML 2.0
- OAuth 2.0 / OpenID Connect (OIDC)
Typical Use Cases:
- Enterprise customers who want to control access using their existing IdP.
- Seamless login experience for internal employees accessing StrataSite.
Information to Provide for Setup:
To configure Inbound SSO, you’ll need to provide:
- IdP Metadata URL or XML
- SAML Assertion Claims or OAuth Scopes to include:
  - Email address
  - Name
  - Unique User ID
  - Optional: Group memberships, roles, or custom attributes
- Signing certificates (for SAML)
- Redirect URIs (for OAuth)
👥 User Provisioning
StrataSite offers flexible user provisioning options to support automatic user account creation and management when using SSO.
Just-in-Time (JIT) Provisioning – Users are automatically created in StrataSite upon first login via SSO, based on the identity information passed from the IdP.
Attributes for Provisioning:
During provisioning, StrataSite can ingest attributes such as:
- Full name
- Job title or role
- Group or department
🧾 Passing Group Membership and User Role
To support role-based access and account associations, StrataSite can receive and interpret additional claims or attributes during SSO:
- Group Memberships: SSO tokens can include group IDs and names.
- User Role: SSO tokens can include the user's role.
These attributes can be used for:
- Fine-grained access control
- UI customization per user
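As an added illustration (not StrataSite's own code), the sketch below shows how a service provider could turn the attributes of a SAML assertion into a Just-in-Time account: the account is keyed on the unique user ID rather than the mutable email address, and the role claim is accepted only from an allow-list. The attribute names (`email`, `name`, `user_id`, `role`, `groups`), the role values and the sample assertion are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names and role values; real ones are agreed per SSO connection.
REQUIRED = ("email", "name", "user_id")
ALLOWED_ROLES = {"viewer", "editor", "admin"}
DEFAULT_ROLE = "viewer"  # least privilege when the role claim is absent or unknown

# Constructed sample. Signature, issuer, audience and validity window of the
# enclosing assertion are assumed to have been verified by a SAML library already.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="email"><saml:AttributeValue>Ana@Example.com</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="name"><saml:AttributeValue>Ana Ruiz</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="user_id"><saml:AttributeValue>idp-0042</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="role"><saml:AttributeValue>superuser</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="groups"><saml:AttributeValue>ops</saml:AttributeValue>
  <saml:AttributeValue>finance</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def parse_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from an AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall("saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def jit_provision(attrs, directory):
    """Create or update the account keyed on the IdP's unique user ID."""
    bad = [k for k in REQUIRED if len(attrs.get(k, [])) != 1]
    if bad:
        raise ValueError(f"required attributes missing or multi-valued: {bad}")
    role = attrs.get("role", [DEFAULT_ROLE])
    record = {
        "email": attrs["email"][0].lower(),
        "name": attrs["name"][0],
        "groups": sorted(attrs.get("groups", [])),
        # Unknown or multi-valued role claims fall back to the default.
        "role": role[0] if len(role) == 1 and role[0] in ALLOWED_ROLES else DEFAULT_ROLE,
    }
    uid = attrs["user_id"][0]
    created = uid not in directory  # email is mutable, so it is never the key
    directory[uid] = record
    return uid, created
```

In the sample, the unrecognised role `superuser` is stored as `viewer`, and a later login with the same `user_id` but a new email updates the existing account instead of creating a second one.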
Please contact our team to get a new SSO connection established, or make a modification to an existing one.