Single Sign-On (SSO)¶

CxReports supports Single Sign-On (SSO) authentication through multiple providers, allowing users to authenticate using their existing organizational credentials.

Supported SSO Providers¶

Google SSO for Google Workspace integration. Configure in Google Cloud Console under APIs & Services > Credentials.

Microsoft SSO for Entra ID (Azure AD) and Microsoft 365 accounts. Configure in Azure Portal under App registrations.

Configuration¶

All SSO providers are configured through the appsettings.json file. For detailed configuration options, see Application Settings.

The PasswordLogin setting can be used to hide the username/password login form when you want users to authenticate exclusively through SSO providers like Microsoft or Google.

{
  "GoogleLogin": {
    "Enabled": true,
    "SupportedDomains": ["your-domain.com"],
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret"
  },
  "MicrosoftLogin": {
    "Enabled": true,
    "SupportedDomains": ["your-domain.com"],
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret"
  },
  "PasswordLogin": {
    "Enabled": true
  }
}

Setup¶

Google: Create Google Cloud Project, enable OAuth 2.0, configure credentials
Microsoft: Register app in Azure AD, configure permissions, generate client secret

Security¶

Use HTTPS in production, store secrets securely, implement domain restrictions, and monitor authentication logs.

User Management¶

Users are automatically created upon first SSO login. User information is synchronized from the SSO provider while maintaining role and permission management within CxReports.