Workspace Single Signon Settings

Settings that can be used with Single Signon.

Path: Manage Workspace >> Security >> Single Signon Settings


Single Sign-On (SSO) is a popular method of integrating your site's user details with IdeaScale's authentication system. The benefit to configuring SSO is that it alleviates the user's need to log into IdeaScale with another set of credentials. With SSO employed, access to the IdeaScale community is predetermined by the user's access to your intranet. SSO removes the login process--which many admins feel is a significant barrier to participation!

Screenshot 2024-08-30 at 1.00.06 PM

Types of Single Signon offered in Ideascale:

SAML 2.0

  • SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) such as Okta, and a service provider (SP) for IdeaScale SSO integrations, the IdeaScale community is the Service Provider. 

  • Learn more here!

Token-Based/Multipass

  • Multipass authentication is a single sign-on authentication strategy to allow you to share your user authentication with your site

  • Encrypted token that is passed on in the URL or as a parameter in a post form

  • Learn more here & here

Azure AD

  • Azure AD allows determining who has access to IdeaScale

  • It helps to manage your accounts in one central location - the Azure portal

  • Learn more here.

General Settings

Screenshot 2024-08-30 at 1.02.00 PM

Remove Sync groups when groups are empty: This will remove any groups that have no members assigned to them.

Want Assertion Signing : it does seem to require that either the response or the assertions need to be signed, and signing both seems redundant. It can be True or False in XML data.

Authn Requests Signed : The private key associated with your local certificate (eg your SP.PFX file) is used to sign the authn request. The IdP should be configured with the corresponding certificate.


Redirect to SSO Login Automatically: When you have this setting enabled, the SSO enabled community will be automatically redirected to the SSO login page.

Login Redirection Delay (in seconds): This helps you to setup a delay in redirection to the SSO Login page. The Login Redirection Delay value must be greater than 0 and the default value is 5.

Display buttons instead of a dropdown menu for multi - sso setup: Enabling this setting will show the SSO menu as buttons to choose from.

Ideascale Email/ Password Login: Allows users to have a login option with Ideascale credentials along with the option to login via SSO.

Enable Username Prompt: Enabling this setting allows an SSO community members to change their username from what has been already passed via SSO.

Enable Workspace Registration: This will allow new members to sign up or register to the workspace. 

Trusted Domains


Trusted domains allows to specify email domains to be auto assumed as verified by the system for SSO communities.

The Workspace admin will need to contact their IdeaScale Innovation Architect to add these trusted domains for their Workspace.

Last Updated: November 13, 2024