Settings

Connections

Users with the appropriate permissions can manage enterprise single sign-on connections for their organisation. The Connections feature allows you to configure OIDC (OpenID Connect) and SAML (Security Assertion Markup Language) connections to enable single sign-on for your users.

Creating a Connection

To create a new SSO connection, click the Create Connection button in the top right corner. You’ll need to choose between two authentication strategies:

• OIDC (OpenID Connect)
• SAML (Security Assertion Markup Language)

Creating an OIDC Connection

When creating an OIDC connection, you’ll need to provide:

• Connection Name: A unique identifier for this connection (max 128 characters, letters, numbers, and hyphens only, must start and end with a letter or number)
• Domains: Comma-separated list of domains that will use this connection (e.g., example.com, example.org)
• Client ID: The OAuth client identifier provided by your identity provider
• Client Secret: The OAuth client secret provided by your identity provider
• Discovery URL: The OpenID Connect discovery endpoint (e.g., https://idp.example.com/.well-known/openid-configuration)
• Scope: Space-separated list of OAuth scopes (e.g., openid profile email)
• Enable nonce for Back Channel OIDC requests: Toggle to add a nonce parameter to back-channel authentication requests (disable only if your identity provider cannot process nonce values)

Note

You will need to configure your identity provider with the displayed Callback URL. Click the Copy button to easily copy this URL.

Creating a SAML Connection

When creating a SAML connection, you’ll need to provide:

• Connection Name: A unique identifier for this connection (max 128 characters, letters, numbers, and hyphens only, must start and end with a letter or number)
• Domains: Comma-separated list of domains that will use this connection (e.g., example.com, example.org)
• Sign-In Endpoint: The SAML SSO URL provided by your identity provider
• Signing Certificate: The X.509 certificate from your identity provider (paste the full certificate content)

Note

You will need to configure your identity provider with the displayed Single Sign-On URL and Audience URI (Entity ID). Click the Copy button to easily copy this URL.

Managing Connections

Once created, connections appear in a list showing:

• Connection Name and associated domain
• Connection Type (OIDC or SAML badge)
• Enable/Disable Toggle: Control whether the connection is active and can be used to login
• Action Buttons:
  • Test: Verify the connection configuration
  • View: See detailed connection information
  • Edit: Modify connection settings
  • Delete: Remove the connection

Note

Connections cannot be disabled or deleted if they are the only connection available to the organisation.

Test Your Connection

Check your connection has been set-up correctly by clicking the Test button before rolling out to users! Click here for more information

Viewing Connection Details

Clicking View on a connection displays all configuration details including:

• Connection Name
• Strategy (OIDC/SAML) and status
• Configured domains
• Full configuration details specific to the connection type (Client ID, Discovery URL, Scope, etc.)

Editing a Connection

The Edit button opens a form where you can modify all connection settings. The form layout is identical to the creation form, allowing you to update:

• Connection name and domains
• Authentication strategy settings
• Provider-specific configuration

Note

You will have to provide your client secret each time you update your connection.

Click Update Connection to save your changes or Cancel to discard them.

Testing Connections

The Test button allows you to verify your connection configuration. When you click Test, you’ll see a modal explaining what will happen:

1. You’ll be redirected to your identity provider (IdP)
2. You’ll need to sign in with your IdP credentials
3. You’ll be returned to confirm the test result

Important: Ensure the email address for your IdP and Ingenuity login match.

Clicking continue will redirect you to your identity provider’s login page to authenticate.

Successful Test

If the connection is configured correctly, you’ll see a success message confirming that your connection works, and you can return to the connection management settings.

Failed Test

If the test fails, you’ll receive detailed error information explaining the issue. Common reasons include:

• The identity provider configuration is incorrect
• The identity provider connection is disabled or unavailable
• Authentication credentials are invalid

The error details will help you troubleshoot and fix the configuration.