Previous Topic: Configure an OpenID Authentication SchemeNext Topic: Select the Policy Domain for the Tenant

Single Sign-On ServiceSSO Getting Started GuideSSO using a Third-party IdP and Self-registrationConfigure and Apply an OpenID Authentication SchemeUse the Authentication Scheme in a Policy

Use the Authentication Scheme in a Policy

For SSO applications, you must establish a one-to-one correspondence between an authentication method configured at the User Console and an authentication scheme configured at the CSP console. The authentication method and the scheme work together to enforce user authentication for a requested SSO application.

After you create an authentication scheme, the scheme has to protect the authentication URL specified for a given authentication method. To protect the URL, the scheme is assigned to a realm, and the realm becomes part of a policy.

Follow these steps::

  1. Configure the policy domain for the tenant.
  2. Assign user directories to the tenant domain.
  3. Create a realm and rule for the tenant domain.
  4. Create a policy to protect the authentication URL.