Configuring Single Sign-On (SSO)

Epiphan Cloud supports Single Sign-On (SSO) using the SAML 2.0 protocol. This allows you to authenticate users through your organization's identity provider. As with all other authentication methods logging in using SSO for the first time creates a unique account and Team within Epiphan Cloud. These are not associated with any existing Epiphan Cloud accounts or Teams created using different authentication methods.

Tested SAML 2.0 SSO Providers

We have tested the following SSO providers with Epiphan Cloud:

  • Microsoft Azure AD (Entra)
  • Okta
  • Google (GSuite)

If you already have an Epiphan Cloud Team and would like to use SSO instead of the original authentication method and you are the Owner of the Team, see: Migrate an Existing Epiphan Cloud Team Owner to Single Sign-On (SSO).

Important Information for Configuring SSO

To configure SSO between your identity provider and Epiphan Cloud, several variables must be set correctly. Some are universal across providers, while others differ depending on your Epiphan Cloud region (US or EU).

Universal Variables

  • email : This is a user's email address

  • given_name : This is a user's first name

  • family_name : This is a user's last name

Region Specific Variables

The following variables depends on whether your Epiphan Cloud account is hosted on the US or EU servers.

  • EU Specific Variables

    • Entity ID/SP Entity ID/Entry ID : urn:amazon:cognito:sp:eu-central-1_2noEzyvlA

    • ACS URL/Single Sign-On URL : https://auth-eu.epiphan.cloud/saml2/idpresponse

    • Sign-On URL/Start URL : https://eu.epiphan.cloud

     

  • US Specific Variables

    • Entity ID/SP Entity ID/Entry ID : urn:amazon:cognito:sp:us-east-1_PkzSxf9ng

    • ACS URL/Single Sign-On URL : https://auth.epiphan.cloud/saml2/idpresponse

    • Sign-On URL/Start URL : https://go.epiphan.cloud

 

Application Specific Guides

There are guides available in our Knowledge base for the currently tested SSO providers. You can find them below: