We want to setup SSO for a client on their tenant. We had setup a POC tenant for them to develop POC’s for them and showcase capabilities of Cumulocity. They want to have SSO enabled in the POC tenant. As per my understanding SSO can be enabled in a subtenant from the management tenant and we dont have access to the management tenant. Is there a way to set up SSO without accessing management tenant.
Yes. Open the subtenant and go to settings/authentication and choose single sign-on. You’ll need to get some info from the client’s Access Managment team for what to fill out.
Many folks internally may not want to reveal the client secret, etc to a vendor. So you’ll probably have to get your internal contact to get that info to you.
Also make sure that the JWT contains groups. Otherwise the mapping won’t work if you base rights on group membership.
did you configure SSO already in the corresponding tab (Single sign-on) as described here: Single sign-on - Cumulocity IoT documentation ?
The Single sign-on redirect option in the select on the Basic settings tab of the Authentication settings will stay disabled until you’ve configured SSO in the other tab.