SSO Login

Configure Single Sign-On (SSO) in Sprinto to enable secure, centralised authentication for your organisation’s domains.

The SSO Login section in Settings allows you to enable a single sign-on (SSO) provider for one or more domains within your organisation. This centralises authentication, enhances security, and streamlines access for all team members.

Authentication Errors Due to Blocked Third-Party Cookies

If your organisation uses a Mobile Device Management (MDM) or endpoint security solution that blocks third-party cookies as part of its security policy, certain Sprinto integrations — including Microsoft Entra ID (Azure AD) — may fail during authentication.

In such cases, you might encounter a “CSRF verification failed” or a similar authorisation error when attempting to connect the integration.

Resolution

To ensure successful authentication and a smooth integration flow, update your security or MDM policy to allow cookies and requests from the following domains:

Accessing the SSO Login Page

  1. Navigate to Settings from the left navigation menu.

  2. Select SSO Login from the list of settings options.

Setting Up SSO Login

  1. On the SSO Login page, click Setup SSO Login.

  2. Under Add domains that require custom SSO login, enter the active staff email domains for which SSO setup is required.

    • Click Add Email Domain to add multiple domains if needed.

  3. Click Continue.

  4. A prompt will appear informing you that the integration is powered by a third-party application (WorkOS). Click Continue to proceed.

  5. You will be redirected to the WorkOS configuration page.

  6. On the WorkOS page, select your Identity Provider from the available list (e.g., Okta, Entra ID (Azure AD), Google, ADP, Auth0, CAS, etc.).

    • You can also configure Custom SAML or Custom OIDC if your provider is not listed.

  7. Complete the integration setup as per your identity provider’s instructions.

Once configured, SSO will be enabled for the specified domains, and all login attempts for users with matching email domains will be routed through the configured SSO provider.
