# Single Sign-On

The preferred and recommended login method is SAML 2.0, which exchanges authentication and authorization data between security domains: specifically, between an Identity Provider (IdP) (e.g., Okta, Azure AD/Entra ID, Ping Identity, OneLogin, or your enterprise IdP) and Sentinel, which acts as the Service Provider (SP).

* **Cross-domain single sign-on**: Users authenticate once via their enterprise IdP and gain access to Sentinel without re-entering credentials.
* **Centralized identity management**: Leverages existing corporate credentials, reducing password fatigue and improving compliance.
* **Stronger security**: Supports federated authentication, attribute mapping (e.g., roles/groups), and protocols for secure assertion exchange (signed/encrypted as configured).
* **Web-based scenarios**: Enables SP-initiated (user accesses Sentinel directly) or IdP-initiated (starts from corporate portal) SSO flows.
* Sentinel acts as the **SAML Service Provider (SP)**.
* Integration requires configuring Sentinel with your IdP's metadata (or vice versa) — typically involving:
  * Entity IDs
  * Assertion Consumer Service (ACS) URLs
  * Signing certificates
  * Attribute mappings (e.g., for user provisioning or role assignment)
* Once set up, Sentinel redirects unauthenticated users to the IdP for login; successful authentication returns a SAML assertion, granting access with appropriate permissions.
* Fallback to local Sentinel credentials remains available if needed (e.g., for admin recovery).
* No custom code or modifications to PeopleSoft core are required — Sentinel handles SAML independently via its web layer (Nginx-proxied).

{% hint style="info" %}
An IDP Certificate and IDP URL are required to complete the setup.
{% endhint %}

<details>

<summary>IDP Attributes</summary>

* The following data attributes should be sent from your IDP:

  <figure><img src="/files/f4VQ2Rnkg439T06dGgdB" alt=""><figcaption></figcaption></figure>

</details>

<details>

<summary>Set Up Single Sign-On</summary>

1. Navigate to **Settings - Single Sign-On**.
2. Input the **Identity Provider URL**.
3. Input the **Identity Provider Certificate**.
4. Once a configuration is saved, Sentinel will generate a **Metadata URL**, **Sentinel Callback URL**, and **Sentinel Direct Login Link**. *These are used to complete the IDP setup and service connection.*
5. Set up attribute mapping on your IDP to match the Sentinel IDP attributes:

   <figure><img src="/files/bZTfq7x4sQ8TitReHvK7" alt=""><figcaption><p><em>*If your IDP uses different field names in the Attributes section, map the IDP field names to the corresponding Sentinel field names.</em> </p></figcaption></figure>
6. Save changes.
7. Toggle the **SAML ON/OFF** switch after updating settings.

* *After a successful configuration,* a new SSO Login button will appear on the login screen. Sentinel also provides a direct SSO login URL that can be used to initiate login through your IDP. This URL can be found under the **Sentinel Direct Login Link.**

  <figure><img src="/files/RBbtTknvTtlLfNIKbCko" alt=""><figcaption></figcaption></figure>

</details>

<details>

<summary>Assign Default Access for New SSO Users </summary>

**First-time** users that use the single sign-on (SSO) login may be automatically given access to one or more PeopleSoft environments in Sentinel.

A Sentinel user will only receive access to environments for which they have **access profiles**.

* Default Profiles will be assigned to all signed-up users via SAML integration.

  <figure><img src="/files/phHo1Fu4wPL3zjM6UXWb" alt=""><figcaption></figcaption></figure>

</details>

