🔑SSO Integration
This page covers our SSO Integration support with steps we need for integration
Single Sign on
Galileo provides Single Sign-on capabilities for various providers using the OIDC protocol. See details below for how to configure each provider.
Okta | OIDC |
Azure Active Directory | OIDC |
PingFederate | OIDC |
OIDC | |
Github | OIDC |
Galileo Native Authentication | OIDC |
If your provider is not listed above, additional SSO providers can be added on-demand as per customer requirements.
Setting Up SSO with Galileo
Google
Follow this guide to set up OAuth credentials. User Type is Internal, Scopes are .../auth/userinfo.profile and openid, Authorized domains is your domain for Galileo console.
When creating new client ID, set type to Web application, set Authorized redirect URIs to
https://{CONSOLE_URL}/api/auth/callback/google
Share Client ID and Client Secret with Galileo
Okta
Follow this guide to create a new application. Select OIDC - OpenID Connect as the Sign-in method, Web Application as the application type, Authorization Code as the Grant Type
Set Sign-in redirect URIs to
https://{CONSOLE_URL}/api/auth/callback/okta
, and Sign-out redirect URIs tohttps://{CONSOLE_URL}
.Share Issuer URL, Client ID and Client Secret with Galileo
Find Issuer URL in Security -> API in admin panel. Audience should be
api://default
Microsoft Entra ID (Azure Active Directory)
Follow this guide to create a new application. Under Redirect URI, set type to Web and URI to
https://{CONSOLE_URL}/api/auth/callback/azure-ad
Go to Token configuration page, Add Optional Claim, choose ID token and email claim.
Please ensure each user has the email set in the Contact Information properties. We will use this email as the account on Galileo.
Go to Certificates & secrets page, click New Client Secret and create a new secret.
Share the Tenant ID, Client ID and Client Secret with Galileo
PingFederate
Follow this guide to create an application with Application Type OIDC Web App
Go to app configuration page, edit it by setting Redirect URIs to
https://{CONSOLE_URL}/api/auth/callback/ping-federate
Share the Environment ID, Client ID and Client Secret with Galileo
Last updated