Integration
Let teams sign in with their identity provider
Configure OIDC or SAML, test the login flow, and control access at the org level.
LiveCommand
SSO (OIDC + SAML)
Single sign-on for enterprise identity providers.
Test login flow and metadata links
Audit logs for SSO sign-ins
How it works
What happens behind the scenes once you enable the integration.
- 1Admins configure OIDC or SAML settings.
- 2Users authenticate through the IdP and return to Workspace.
- 3Role mapping controls admin permissions.
Setup checklist
Steps your admin takes to get the integration live.
- Workspace -> Integrations -> SSO settings.
- Enter IdP issuer/metadata and save.
- Use the test login link to validate the flow.
- Share metadata/ACS URL with your IdP admin.
Technical reference
Endpoints and sample requests to hand to your engineering team.
Endpoints
- GET /integrations/sso/oidc
- PUT /integrations/sso/oidc
- GET /integrations/sso/saml
- PUT /integrations/sso/saml
- GET /auth/sso/login?org=<slug>
- GET /auth/saml/metadata?org=<slug>
Sample request
GET https://tenders.indexbox.io/auth/sso/login?org=<slug>&next=/workspace
Notes
- OIDC uses standard discovery and redirect URI.
- SAML metadata URL is generated after save.
FAQ
Quick answers to common integration questions.
Do you support both OIDC and SAML?
Yes. Configure either OIDC or SAML based on your identity provider.
How do I test the SSO flow?
Use the test login link in Workspace before rolling it out to users.
What does the IdP need from IndexBox?
Use the generated metadata and ACS URL for SAML, or issuer/redirect details for OIDC.
Security & compliance
Controls that keep data safe and auditable.
- Only org admins can manage SSO settings.
- SAML role mapping does not auto-grant Owner.