SSO Configuration

SSO Configuration

This guide covers how to configure Single Sign-On (SSO) for Veraproof products, including both Scimify and Challenge.

Overview

SSO allows users to authenticate with their enterprise identity provider and access multiple Veraproof services without re-entering credentials.

Supported Protocols

• OpenID Connect (OIDC)

Configuration Steps

1. Create an OIDC Application in Okta

You have two options for creating the OIDC application:

Option 1: Okta App Catalog Method (Recommended)

• Install the “Veraproof SSO” app from Okta’s app catalog
• Set the product subdomain to scimify or challenge (which ever product you have subscribed to)
• Proceed to step 2

Option 2: Okta Manual App Creation Method (Alternative)

• Create a new OIDC application in Okta
• Set the application type to “Web Application”
• Set the name to “Veraproof SSO”
• Set the grant types to “Authorization Code”
• Set the sign-in redirect URI to https://product.veraproof.io/auth/callback/oidc (replace product in the URL with scimify or challenge)
• Leave everything else as default and press “Save”

After creating the application:

• Assign users to the new Okta application
• Make note of the Client ID and Client Secret from the new Okta application

2. Configure SSO Settings in Veraproof Admin Console

1. Navigate to the SSO Settings page in your Veraproof product admin console
2. Enter a friendly Provider Name that your users will see when they authenticate (e.g., “Okta SSO”)
3. Enter your Identity Provider’s Issuer URL (can be found in /.well-known/openid-configuration URL)
4. Paste the Client ID and Client Secret from your OIDC application
5. Set the Scopes to openid email profile
6. Press Save Configuration button
7. Test the configuration to verify connectivity by pressing Test Configuration button
8. Tick Enable OIDC authentication when you’re ready to enforce OIDC SSO for all Scimify users

3. Authenticate Using SP-Initiated SSO

Users can now authenticate using SP-initiated SSO when they enter their email on the Scimify login page:

1. From your browser, navigate to the Veraproof product login page:
   • scimify.veraproof.io/auth/login
   • challenge.veraproof.io/auth/login
2. Enter your email address and press Sign in
3. You will be redirected to your Identity Provider to authenticate if you don’t have an existing IdP session
4. After successful authentication, you will be redirected to the Veraproof product dashboard

Important Notes

• SP-initiated SSO is supported. IdP-initiated SSO is not supported.
• Users must be created via user management before they can login with SSO
• If you need to temporarily disable SSO, you can do so by unchecking the Enable OIDC authentication checkbox. Users will be redirected to their original social login provider to authenticate.

Need Help?

If you encounter any issues during configuration, please contact support@veraproof.io for assistance.

For specific integration guides, see:

• Scimify Integration Guides
• Challenge Integration Guides