# Example SSO Setups Using Identity Providers

> how to configure different types of identity providers used to integrate with Sisense SSO.

*Source: https://docs.sisense.com/main/SisenseLinux/example-setups-using-identity-providers.htm*

---

Last updated: June 10, 2026

|  |  |
| --- | --- |
| [Tier](https://www.sisense.com/pricing/#pricing) | [Deployment](https://docs.sisense.com/main/SisenseLinux/introduction-to-sisense-cloud-managed-services.md#ComparisonofManagedCloudandSelfHosted) |
| Grow    Enterprise | Cloud     On-Prem |

This section explains how to configure different types of identity providers used to integrate with Sisense SSO.

**Note:**

If at any point you misconfigure the SSO session, and you are unable to login via SSO, you can use the direct login:
  
`https://{IP_or_site_URL}/app/account/login`

Or, for a tenant:
  
`https://{IP_or_site_URL}/{tenant_name}/app/account/login`

## Configuration Instructions for SAML

Follow these links to Sisense Community for instructions on setting up Sisense with the indicated third-party providers:

- [Setting Up SSO SAML 2.0 With ADFS](https://community.sisense.com/t5/knowledge/setting-up-sso-saml-2-0-with-adfs/ta-p/9546)
- [Setting Up SSO SAML 2.0 with Auth0](https://community.sisense.com/t5/knowledge/setting-up-sso-saml-2-0-with-auth0/ta-p/9569)
- [Setting Up SSO SAML 2.0 With G Suite](https://community.sisense.com/t5/knowledge/setting-up-sso-saml-2-0-with-g-suite/ta-p/1136)
- [Setting Up SSO SAML 2.0 With Keycloak](https://community.sisense.com/t5/knowledge/setting-up-sso-saml-2-0-with-keycloak/ta-p/9494)
- [Setting Up SSO SAML 2.0 with Okta](https://community.sisense.com/t5/knowledge/setting-up-sso-saml-2-0-with-okta/ta-p/9035)
- [Setting Up SSO SAML 2.0 with OneLogin](https://community.sisense.com/t5/knowledge/setting-up-sso-saml-2-0-with-onelogin/ta-p/9038)
- [Setting Up SSO SAML 2.0 With Salesforce](https://community.sisense.com/t5/knowledge/setting-up-sso-saml-2-0-with-salesforce/ta-p/9037)

## Configuration Instructions for OIDC

### Keycloak

#### Step 1 - Keycloak Configuration

To setup Sisense application integration using Keycloak:

1. Login to Keycloak using an Admin account.
2. To create a Realm, go to the **Realm Settings** dropdown menu (top-left corner) and click the **Add realm** button at the bottom of the list. Enter a
   name for the realm and click the **Create** button.
     

   **Note:**

   For self-contained multitenancy, each organization
   tenant should have a unique **Realm** and **Client**. Also, a tenant specific set
   of **Valid Redirect URIs** should be specified in the **Settings** tab for the **Client**.
3. To create a client, select the **Clients** configuration option from the main menu. Click the **Create** button at the top-right side of the clients list to open the **Add Client** screen. Enter the desired **Client ID** and for **Client Protocol** select the **openid-connect** option. The **Root URL** can remain blank. Click
   **Save**. This will open the new tenant to the **Settings** configuration tab.  
   Settings:
   - Name - Copy the Client ID
   - Access Type - Change from `public` to `confidential`
   - Service Accounts Enabled - Toggle to ON
   - Root URL - The root URL for your Sisense server: `https://{Sisense_server}`. (For example: `http://12.345.67.89:12345`, or `http://test.sisense.com:12345`.)
   - Valid Redirect URIs:
     - For the master system tenant: `/openid_callback`.
     - For an organization tenant, create 2 redirect URIs which include the name of the tenant:
       - `/{tenant_name}/openid_callback`
       - `/{tenant_name}`

#### Step 2 - Sisense SSO Configuration

To set up the SSO Sisense configuration for Keycloak/OIDC, go to the Single Sign On configuration page, (**Admin** tab > **Security & Access** > **Single Sign On**). Configure the following fields, and then go to the topic [SSO Using OpenID Connect](https://docs.sisense.com/main/SisenseLinux/single-sign-on-using-openid-connect.md) for instructions on how to complete the configuration:

- **Scope** - The client scope you created in Keycloak as comma-separated values. For example, `email`. The `openid` tag is appended automatically behind the scenes.
- **Client ID** - The client ID of the relying party. (The client ID you created in Keycloak.)
- **Client Secret** - The secret for the client you created. The **Secret** is found on the **Credentials** tab.
- **Issuer** - The server identifier, typically the base URL of the Keycloak server.  
  Use the following format: `https://{Keycloak_server}/auth/realms/{tenantName}`
- **Authorization URL** - The authorization URL used to make the request for a user’s identity.  
  Use the following format: `https://{Keycloak_server}/auth/realms/{tenantName}/protocol/openid-connect/auth`
- **Token URL** - The URL that returns access token, ID token, and refresh token.  
  Use the following format: `https://{Keycloak_server}/auth/realms/{tenantName}/protocol/openid-connect/token`
- **User Info URL** - The URL that returns information about the currently signed-in user.  
  Use the following format: `https://{Keycloak_server}/auth/realms/{tenantName}/protocol/openid-connect/userinfo`
- **Logout URL** - The URL that users are returned to after they log out.  
  Use the following format: `https://{Keycloak_server}/auth/realms/{tenantName}/protocol/openid-connect/logout`
