Single Sign-On settings
Configure UserLock Single Sign-On (SSO) to connect your users securely to cloud and web applications such as Microsoft 365, Slack, or Salesforce.
Note
To access this page, go to Server settings ▸ Single Sign-on.
You need at least read permission on Server settings to view this page.
You also need a domain administrator account or an account that is a member of the Active Directory group "UserLock SSO Admins". If the group does not exist, you must create it.
UserLock Single Sign-On (SSO) lets users authenticate once with their Windows credentials and then access SaaS applications without re-entering their passwords.
To activate SSO for an application, complete its connection details and restart the SSO service.
The SSO settings page displays:
The main SSO service and its current status
Any backup servers, if configured.
→ See how to install a backup SSO server guide.The certificate validity period.
→ See how to renew the SAML certificate guide.A list of supported SaaS applications, grouped under Configured and Not configured.
Choose the SaaS application you want to connect (for example, Microsoft 365, Salesforce, or Slack).
Complete the required fields according to the selected provider.
Note
Depending on the provider, you can create multiple SSO profiles.
Provider | Details |
|---|---|
Adobe Sign | |
AWS | |
Box | |
DocuSign | |
DropBox | |
Google Workspace | |
Microsoft | |
Salesforce | |
ServiceNow | |
Slack | |
Slite | |
Zendesk | |
Other |
In the top right corner, you can:
Download the SSO metadata
Download the SAML certificate
These files may be required by the SaaS application during setup.