Teams & Workspaces
SSO Configuration
riogentix supports Single Sign-On (SSO) via SAML 2.0 and OIDC (OpenID Connect). Connect your existing identity provider so users log in with their corporate credentials.
Supported Identity Providers
- Microsoft Entra ID (Azure AD)
- Okta
- Google Workspace
- Auth0
- OneLogin
- PingIdentity
- Any SAML 2.0 or OIDC-compatible provider
Setting Up OIDC SSO (e.g., Okta)
Step 1 — Create an App in Okta
- Log in to Okta Admin console
- Applications → Create App Integration → OIDC → Web Application
- Set Sign-in redirect URI:
https://<your-tenant>.riogentix.com/auth/callback/okta
- Copy Client ID and Client Secret
Step 2 — Configure in riogentix
- Go to Settings → Identity Providers → + Add → OpenID Connect
- Fill in:
- Provider ID: okta - Display Name: Login with Okta - Discovery URL: https://<your-okta-domain>/.well-known/openid-configuration - Client ID and Client Secret from Step 1
- Click Save
Step 3 — Attribute Mapping
Map Okta attributes to riogentix user properties:
| Okta Attribute | riogentix Field |
|---|---|
email | |
given_name | First Name |
family_name | Last Name |
groups | Groups |
Setting Up SAML SSO
- Settings → Identity Providers → + Add → SAML 2.0
- Download the Service Provider Metadata XML
- Upload it to your IdP
- Paste the IdP Metadata URL back into riogentix
- Map SAML attributes → user fields
- Test with a non-admin account first
Enforcing SSO
To require all users to use SSO (disable password login):
- Settings → Security → Authentication Policy
- Enable SSO Required
- Existing password-only accounts will be prompted to link their SSO identity on next login
Just-In-Time Provisioning
When a user SSOs for the first time, riogentix can auto-create their account:
- Settings → Identity Providers → [Your Provider] → First Login Flow
- Set the default role for new SSO users