SSO Integrations

SmartLink acts as an Identity Provider (IdP) and supports OpenID Connect and SAML2 protocols to easily connect your applications. This section contains detailed guides for configuring Single Sign-On (SSO) with various popular applications.

Supported Protocols

OpenID Connect

OpenID Connect is a modern authentication protocol based on OAuth 2.0. It is particularly suitable for modern cloud applications and offers simple and secure integration.

OpenID Connect Endpoints:

  • Configuration: https://[your-smartlink].link.vaultys.org/api/oidc/[appid]/.well-known/openid-configuration
  • Authorization endpoint: https://[your-smartlink].link.vaultys.org/api/oidc/[appid]/authorize
  • Token endpoint: https://[your-smartlink].link.vaultys.org/api/oidc/[appid]/token
  • UserInfo endpoint: https://[your-smartlink].link.vaultys.org/api/oidc/[appid]/userinfo
  • JWKS URI: https://[your-smartlink].link.vaultys.org/api/oidc/[appid]/jwks
  • Issuer: https://[your-smartlink].link.vaultys.org

Note: Replace [your-smartlink] with your SmartLink subdomain and [appid] with the application identifier configured in SmartLink.
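
The endpoint list above can be pinned and compared against the discovery document an application actually retrieves, so a wrong application identifier or a non-HTTPS URL is caught before the client is configured. This is an added example, not SmartLink code; the subdomain `acme`, the application identifier `grafana`, and the sample document are constructed, and the mapping to the standard OpenID Connect discovery field names is an assumption about how the listed endpoints are published.

```python
from urllib.parse import urlsplit

BASE = "https://{sub}.link.vaultys.org"
# Standard discovery field -> path taken from the endpoint list above.
PATHS = {
    "authorization_endpoint": "/api/oidc/{appid}/authorize",
    "token_endpoint": "/api/oidc/{appid}/token",
    "userinfo_endpoint": "/api/oidc/{appid}/userinfo",
    "jwks_uri": "/api/oidc/{appid}/jwks",
}

def discovery_url(sub, appid):
    """URL of the configuration document for one application."""
    return BASE.format(sub=sub) + f"/api/oidc/{appid}/.well-known/openid-configuration"

def expected_metadata(sub, appid):
    """Values the discovery document should carry for this tenant and app."""
    base = BASE.format(sub=sub)
    meta = {"issuer": base}
    for key, path in PATHS.items():
        meta[key] = base + path.format(appid=appid)
    return meta

def check_discovery(doc, sub, appid):
    """Return a list of problems found in a fetched discovery document."""
    problems = []
    for key, want in expected_metadata(sub, appid).items():
        got = doc.get(key)
        if got is None:
            problems.append(f"{key}: missing")
        elif urlsplit(got).scheme != "https":
            problems.append(f"{key}: not https ({got})")
        elif got != want:
            problems.append(f"{key}: expected {want}, got {got}")
    return problems

# Constructed sample: token endpoint points at another app, JWKS over http.
SAMPLE_DOC = dict(
    expected_metadata("acme", "grafana"),
    token_endpoint="https://acme.link.vaultys.org/api/oidc/other/token",
    jwks_uri="http://acme.link.vaultys.org/api/oidc/grafana/jwks",
)

if __name__ == "__main__":
    print(discovery_url("acme", "grafana"))
    for problem in check_discovery(SAMPLE_DOC, "acme", "grafana"):
        print("PROBLEM:", problem)
```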

SAML2

SAML2 is a proven standard for Single Sign-On, widely used in enterprise environments.

SAML2 Metadata:

  • Entity ID: https://[your-smartlink].link.vaultys.org
  • SSO URL: https://[your-smartlink].link.vaultys.org/api/saml2/sso/[appid]
  • IdP Metadata: https://[your-smartlink].link.vaultys.org/api/saml2/[appid]/metadata
  • SLO URL: https://[your-smartlink].link.vaultys.org/api/saml2/slo/[appid]

Note: Replace [your-smartlink] with your SmartLink subdomain and [appid] with the application identifier configured in SmartLink.

Supported Applications

Cloud and Collaboration Solutions

Nextcloud

Open-source cloud storage and collaboration platform. Configuration via the Social Login plugin for OpenID Connect.

GitLab

Comprehensive DevOps platform supporting OpenID Connect and SAML2 for enterprise authentication.

Trello

Project management and collaboration with SAML 2.0 via Atlassian Access (Enterprise).

Notion

All-in-one workspace for notes and collaboration with SAML 2.0 support (Enterprise).

Monday.com

Work management platform supporting SAML 2.0 and OpenID Connect (Enterprise).

Infrastructure and Networking

Tailscale

Modern mesh VPN using OpenID Connect with WebFinger support for simplified configuration.

Headscale

Open-source control server for Tailscale with OpenID Connect authentication.

Portainer

Management interface for Docker/Kubernetes containers with OAuth2/OpenID Connect support.

Monitoring and Observability

Grafana

Monitoring and observability solution with native OpenID Connect support.

Productivity and Communication

Mattermost

Open-source team messaging platform with SAML2 and OpenID Connect support.

Rocket.Chat

Unified communication solution supporting OAuth2 and SAML2.

BlueMind

Comprehensive French collaborative messaging with SAML 2.0 and OpenID Connect support.

Talkspirit

French collaborative platform with SAML 2.0 and OpenID Connect support.

Whaller

French enterprise social network with SAML 2.0 support.

Jamespot

French digital workplace with SAML 2.0 support.

CRM and Marketing

HubSpot

CRM and marketing automation platform with SAML 2.0 support (Enterprise).

HR and Payroll Solutions

Lucca

Comprehensive French HRIS suite (Figgo, Pagga, Timmi) with SAML 2.0 and OpenID Connect.

Silae

French payroll solution with SAML 2.0 support.

Eurécia

French HR software with SAML 2.0 support.

Document Management

Alfresco

Enterprise content management platform with SAML 2.0 and OpenID Connect.

Wimi

Project and document management platform with SAML 2.0 support.

E-commerce

PrestaShop

E-commerce platform with SSO SAML 2.0 and OpenID Connect modules available.

Management and Administration

Keycloak

Identity broker enabling authentication chaining with SmartLink via SAML2 or OpenID Connect.

Authentik

Authentication and authorization platform with identity federation support.

General Configuration

Before configuring a specific application, make sure you have:

  1. Created the application in SmartLink - Follow the general SSO guide to add your application
  2. Configured the authentication type - Choose between OpenID Connect or SAML2 depending on the application
  3. Defined the redirection URLs - Configure allowed URLs for the return after authentication
  4. Assigned users/groups - Manage who can access the application

Required Information

For OpenID Connect

  • Client ID: Unique application identifier in SmartLink
  • Client Secret: Secret key for application authentication
  • Redirect URI: Return URL after authentication
  • Scopes: Typically openid profile email

For SAML2

  • Entity ID: Unique Service Provider identifier
  • ACS URL: Assertion Consumer Service URL
  • Certificate: X.509 certificate for assertion signature
  • Attribute Mapping: Mapping between SmartLink attributes and the application

Support and Troubleshooting

Common Issues

"Invalid redirect URI"

  • Ensure the redirection URL is exactly the same in SmartLink and the application
  • Watch out for trailing slashes and protocol (http vs https)
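
Because the redirection URL must match exactly, the quickest way to resolve this error is to compare the registered value with the one the application sends, component by component. The helper below is an added example, not part of SmartLink; the function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def diagnose_redirect(registered, sent):
    """Explain why `sent` fails an exact-match check against `registered`.

    Returns an empty list when the two strings are identical.
    """
    if registered == sent:
        return []
    r, s = urlsplit(registered), urlsplit(sent)
    reasons = []
    if r.scheme != s.scheme:
        reasons.append(f"protocol differs: {r.scheme} vs {s.scheme}")
    if r.netloc != s.netloc:
        if r.netloc.lower() == s.netloc.lower():
            reasons.append("host differs only in letter case")
        else:
            reasons.append(f"host or port differs: {r.netloc} vs {s.netloc}")
    if r.path != s.path:
        if r.path.rstrip("/") == s.path.rstrip("/"):
            reasons.append("trailing slash differs")
        else:
            reasons.append(f"path differs: {r.path} vs {s.path}")
    if r.query != s.query:
        reasons.append("query string differs")
    if r.fragment != s.fragment:
        reasons.append("fragment differs")
    if not reasons:
        # Strings differ but parsed components agree (e.g. an empty "?" or "#").
        reasons.append("strings differ in a way URL parsing hides")
    return reasons

if __name__ == "__main__":
    # Constructed values: what is registered in SmartLink vs. what the app sends.
    registered = "https://grafana.example.com/login/generic_oauth"
    sent = "http://grafana.example.com/login/generic_oauth/"
    for reason in diagnose_redirect(registered, sent):
        print(reason)
```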

"Invalid client credentials"

  • Check the Client ID and Client Secret
  • Ensure the application is properly enabled in SmartLink

"User not authorized"

  • Verify that the user is correctly assigned to the application
  • Check group permissions if applicable

Logs and Debugging

Authentication logs are available in SmartLink:

  • SSO Logs: Administration Section > Logs > SSO
  • User Events: User Profile > Activity

To enable detailed logs on the application side, refer to the specific documentation of each application.

Additional Resources