Single sign-on (SSO) lets you connect your Cloudhouse Guardian (Guardian) instance to an external identity provider (IdP) to handle user authentication. When SSO is enabled, Guardian relies on the credentials managed by the IdP rather than a simple email and password combination, which is used by default. Because of this, SSO adds a layer of additional security while also making it easier for users to access Guardian.
Enable Single Sign-On
Guardian can be configured to connect to most IdPs that utilize SAML as their form of authentication. This includes providers like Okta, Microsoft Entra ID (previously Azure Active Directory), Ping Identity, and more. However, the requirements to configure SSO vary depending on the service. You will need to work with your Guardian Representative to determine what's needed for your particular configuration.
To configure SSO for your Guardian instance, contact your Cloudhouse Representative. From there, your representative will arrange a discovery meeting to work through the configuration with you. We recommend having someone present on the call who is familiar with your existing IdP setup, as these details will be integral to completing the configuration.
Sign In via Single Sign-On
If your organization has enabled SSO, your experience signing in to Guardian will be a little different from the default email/password combination. When accessing Guardian, you will see an additional option to sign in with SSO on the sign in page. Click this button to trigger the authentication flow between Guardian and the IdP. Then, follow the prompts through the necessary steps to verify your identity. These steps will vary depending on the provider, but once they are complete, you'll be redirected to Guardian and can proceed to using the application as normal.
Note: The label of this button varies depending on your organization's configuration.
