SupportDeveloper Docs

SSO Setup

BalkanID makes it easy to integrate Single Sign-On (SSO) with your existing Identity Provider (IdP), helping you streamline authentication and improve security across your organization. By connecting your Identity Provider, you can centralize authentication, reduce password-related risks, and provide a seamless login experience for your users.

We support a wide range of industry-standard IdPs out of the box. Whether you're using a popular cloud IdP like Okta or Azure Entra ID, or a custom in-house solution that supports SAML or OIDC, BalkanID offers flexible support to meet your needs.

Supported Identity Providers

BalkanID currently supports the following IdPs:

  • Auth0

  • Azure EntraID

  • Classlink

  • Cyberark

  • Descope

  • Duo

  • Google Workspace

  • Jumpcloud

  • Keycloak

  • Lastpass

  • Microsoft AD FS

  • miniOrange

  • Okta

  • Onelogin

  • PingOne

  • PingFederate

  • Salesforce

Each of these providers can be configured to enable secure, seamless SSO login for your users within BalkanID.

Don’t See Your IdP?

If your Identity Provider isn’t listed above, no problem! BalkanID also supports any custom SAML 2.0 or OIDC (OpenID Connect)-compliant provider. This flexibility ensures you can still set up SSO, regardless of which IdP you use.

What You'll Need to Get Started

Before setting up your SSO integration, make sure you have the following:

  • Admin access to your Identity Provider

  • Your SAML metadata or OIDC configuration details

  • Admin access to your BalkanID Tenant

If required for SSO setup, the redirect URI for our application is: https://app.balkan.id/auth/login

Important Notice for Okta OIDC Configuration

Please be aware of a known issue with the current Okta OIDC setup suite that may cause configuration errors. Our team is working on a fix.

In the meantime, please follow this temporary workaround to ensure your Okta OIDC integration is set up correctly.

When configuring your Okta OIDC application, you must manually adjust the following three settings:

  1. Scopes: Make sure that openid is added within the desired scopes option as shown in the below image.

  2. Grant Type: Set the grant type to implicit.

  3. Allow ID Token: Ensure the ID Token option is checked and allowed.

  1. User Attribute Mapping: In the user attribute mapping section, change the default value from sub to email for the Login ID user attribute.

Following these specific steps will allow for a successful connection. We apologize for any inconvenience and will remove this notice once the issue is resolved in a future update.

How to Set Up SSO

  1. Log in to the BalkanID.

  2. Under the configure section click Global Settings > SSO Configuration.

  3. Click on the Generate SSO link button.

  4. After clicking "Generate SSO Link," a pop-up or notification will provide you with a unique URL. You'll also see an option to email this link to yourself for convenience.

  5. Clicking on the provided URL will open the SSO Suite, a step-by-step guided experience. This suite will walk you through the configuration process tailored to your chosen SSO provider, ensuring a smooth and accurate setup.

If you need any help or assistance, don't hesitate to reach out to the BalkanID team at [email protected].

PreviousManual user data uploadNextUser role management

Last updated

Was this helpful?