{"id":27058,"date":"2025-12-22T15:51:46","date_gmt":"2025-12-22T14:51:46","guid":{"rendered":"https:\/\/monta.com\/en\/?post_type=help-center&#038;p=27058"},"modified":"2025-12-22T16:41:35","modified_gmt":"2025-12-22T15:41:35","slug":"set-up-single-sign-on","status":"publish","type":"help-center","link":"https:\/\/monta.com\/en\/help-center\/set-up-single-sign-on\/","title":{"rendered":"Set Up Single Sign-On (SSO) with Monta"},"content":{"rendered":"\n<p>Monta supports Single Sign-On using <strong>OpenID Connect (OIDC)<\/strong>, allowing operators to authenticate users through their existing OAuth 2.0 Identity Providers (IdPs) such as Microsoft Azure AD, Google, Auth0, and others that follow the OIDC standard.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why Use SSO with Monta?<\/h3>\n\n\n\n<p>SSO improves your organization\u2019s security and simplifies user management by centralizing authentication.<\/p>\n\n\n\n<p>Key benefits include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enhanced security<\/strong> \u2013 Centralized control and MFA enforcement.<\/li>\n\n\n\n<li><strong>Streamlined user access<\/strong> \u2013 Users log in once to access Monta and other company apps.<\/li>\n\n\n\n<li><strong>Simplified administration<\/strong> \u2013 Add or remove users directly through your IdP.<\/li>\n\n\n\n<li><strong>Enterprise readiness<\/strong> \u2013 SSO is a core requirement for larger teams and partners.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Supported Providers<\/h3>\n\n\n\n<p>Monta currently supports OIDC-based IdPs, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft Entra ID (Azure AD)<\/li>\n\n\n\n<li>Okta<\/li>\n\n\n\n<li>Google Workspace<\/li>\n\n\n\n<li>OneLogin<\/li>\n\n\n\n<li>Auth0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Set Up OIDC SSO in Monta<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Configure Your OpenID Connect Provider<\/h3>\n\n\n\n<p>Add the following redirect URI to your IdP configuration:<\/p>\n\n\n\n<p><strong>Redirect URI:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/app.monta.app\/identity\/kratos\/self-service\/methods\/oidc\/callback\/{PROVIDER_ID}\n<\/div><\/figure>\n\n\n\n<p>Replace <code>{PROVIDER_ID}<\/code> with your operator identifier.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Provide Configuration Details to Monta<\/h3>\n\n\n\n<p>To complete the setup, send the following information to your Monta representative:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Field<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td><strong>Provider type<\/strong><\/td><td>Microsoft, Google, Auth0, or any OIDC-compliant provider<\/td><\/tr><tr><td><strong>Issuer URL<\/strong><\/td><td>Base URL used to resolve IdP metadata<\/td><\/tr><tr><td><strong>Tenant ID<\/strong><\/td><td>Required for Microsoft Azure AD only<\/td><\/tr><tr><td><strong>Client ID<\/strong><\/td><td>Public identifier for the application<\/td><\/tr><tr><td><strong>Client secret<\/strong><\/td><td>Secret shared between the IdP and Monta<\/td><\/tr><tr><td><strong>Email domains<\/strong><\/td><td>Domains linked to this IdP configuration. Users from these domains: <br>\u2022 Can auto-select the correct IdP on the login page <br>\u2022 Will be restricted to SSO-only login by default. <br>Contact Monta if dual login (SSO + email\/password) is required<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">First-Time SSO Login<\/h3>\n\n\n\n<p>If a user already has a Monta account with a corporate email address, they must sign in once using their existing login method (email\/password, SMS, etc.).<\/p>\n\n\n\n<p>Monta will link their new OIDC identity to the existing account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Session Lifetimes<\/h3>\n\n\n\n<p>Default values:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Session lifetime:<\/strong> 30 days<\/li>\n\n\n\n<li><strong>Inactive session timeout:<\/strong> 1 day<\/li>\n<\/ul>\n\n\n\n<p>These can be customized per operator by contacting Monta.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Role Mapping (Just-in-Time Role Syncing)<\/h3>\n\n\n\n<p>Monta can read role information from the IdP-issued ID token and apply Monta roles automatically at each SSO login.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Roles update every time a user signs in through SSO<\/li>\n\n\n\n<li>Requires coordination with Monta to configure role claims and mappings<\/li>\n<\/ul>\n\n\n\n<p>Contact Monta to enable and configure this feature.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Issue<\/th><th>Possible Cause<\/th><th>Solution<\/th><\/tr><\/thead><tbody><tr><td>MFA prompts not showing<\/td><td>Not enforced in IdP<\/td><td>Enable MFA policies directly in your IdP.<\/td><\/tr><tr><td>Role mismatch<\/td><td>Incorrect claims mapping<\/td><td>Ensure role claims (e.g., <code>groups<\/code> or <code>role<\/code>) are configured correctly in the IdP.<\/td><\/tr><tr><td>Token errors<\/td><td>Invalid or expired secret<\/td><td>Regenerate the client secret in your IdP and update Monta.<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Monta supports Single Sign-On using OpenID Connect (OIDC), enabling users to sign in with their existing corporate identity provider while benefiting from centralized authentication and improved security.<\/p>\n","protected":false},"author":66,"featured_media":0,"parent":0,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false},"help_cat":[307,305],"help_tags":[412],"class_list":["post-27058","help-center","type-help-center","status-publish","format-standard","hentry","help_cat-manage-users","help_cat-hub","help_tags-hub"],"acf":[],"_links":{"self":[{"href":"https:\/\/monta.com\/en\/wp-json\/wp\/v2\/help-center\/27058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monta.com\/en\/wp-json\/wp\/v2\/help-center"}],"about":[{"href":"https:\/\/monta.com\/en\/wp-json\/wp\/v2\/types\/help-center"}],"author":[{"embeddable":true,"href":"https:\/\/monta.com\/en\/wp-json\/wp\/v2\/users\/66"}],"wp:attachment":[{"href":"https:\/\/monta.com\/en\/wp-json\/wp\/v2\/media?parent=27058"}],"wp:term":[{"taxonomy":"help_cat","embeddable":true,"href":"https:\/\/monta.com\/en\/wp-json\/wp\/v2\/help_cat?post=27058"},{"taxonomy":"help_tags","embeddable":true,"href":"https:\/\/monta.com\/en\/wp-json\/wp\/v2\/help_tags?post=27058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}