Enhance security and streamline logins for your organization with single sign-on (SSO). Add identity providers using Azure AD or OpenID Connect (OIDC) to reduce login friction, boost security, and provide a smooth, safe login experience for users across specified domains.
Note:
- Admin permissions are required to manage SSO.
- SSO is available to Atera Enterprise plan subscribers.
- SSO is available to Atera Superpower plan subscribers.
- Users without SSO are required to log in with two-factor authentication (2FA).
- Multiple providers can be added.
- A technician’s email in Atera must be identical to their email in the organization for their SSO to function.
Prerequisites
Before enabling SSO, first set up your Azure Active Directory (AD) platform, or an Identity Provider (IdP) that supports OpenID Connect (OIDC).
Azure AD
To set up your Azure Active Directory (AD) platform, register Atera within your Azure portal, create a client secret, add a URI, and create a user. For detailed steps on this process, see Set up Azure AD for SSO.
Then follow the instructions below to add identity providers.
OpenID Connect (OIDC)
To set up an Identity Provider (IdP) that supports OpenID Connect (OIDC), create user accounts within the IdP, register Atera with the IdP, and assign Atera users. For detailed steps on this process using Okta as an IdP example, see Single sign-on (SSO) with your Identity Provider.
Then follow the instructions below to add identity providers.
Add identity provider
After your Azure AD or IdP is set up, add your first identity provider in Atera to activate SSO for your account.
Note: You can enable SSO for multiple providers and domains.
To add an identity provider:
1. Click Admin > Users and security > Security and authentication.
The Security and authentication page appears.
2. Click to expand the Authentication section.
3. From the Single sign-on (SSO) tab, click Add provider.
The Add provider window appears.
4. Under the SSO protocol dropdown, select Azure AD or OpenID Connect (OIDC).
Continue with Azure AD
5. Enter your Azure AD details:
- Domain: Enter the domain set up in your Azure AD account.
- Alias domain names: Enter any alternative domain names. To enter more than one, separate them using commas.
- Application (client) ID: Enter the client ID generated when registering Atera in Azure AD. See How to generate a client ID.
- Client secret: Enter the client secret generated in your Azure AD account. See How to generate a client secret.
- Redirect URL: Enter the Redirect URL you have stored within the app registration in your Azure AD account (https://auth.atera.com/login/callback).
Continue with OpenID Connect (OIDC)
5. Enter your OIDC details:
- Domain names: Enter the domain set up in your IdP. To enter more than one, separate them using commas.
- Issuer URL: Enter the URL for your IdP. Ensure the URL ends with '/.well-known/openid-configuration' and doesn't contain 'admin.'
- Client ID: Enter the client ID generated when registering Atera with your IdP. This is the confidential identifier that the IdP assigns to your application to recognize it during the authentication process. For more info, see Get Client ID.
- Client secret: Enter the client secret generated by your IdP. For more info, see Get Client Secret.
- Redirect URL: Enter the redirect URL you have stored within the app registration in your IdP (https://auth.atera.com/login/callback).
6. Click Add provider.
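The OIDC field rules in step 5 can be checked before the values are entered in the Add provider window. The following Python check is an added example, not Atera's code: the function names, the idp.example.com sample values and the whole-URL match on 'admin' are assumptions, and the issuer comparison follows the OpenID Connect Discovery rule that the document's issuer equals the URL without the well-known suffix.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ATERA_REDIRECT = "https://auth.atera.com/login/callback"  # from step 5

# Constructed sample values (idp.example.com is a placeholder IdP).
GOOD_ISSUER = "https://idp.example.com" + WELL_KNOWN
GOOD_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
}

def split_domains(field):
    """Split the comma-separated 'Domain names' field into normalized names."""
    return [d.strip().lower() for d in field.split(",") if d.strip()]

def check_oidc_fields(issuer_url, domains, redirect_url, discovery=None):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    url = issuer_url.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("issuer URL must be an absolute https URL")
    suffix_ok = url.endswith(WELL_KNOWN)
    if not suffix_ok:
        problems.append("issuer URL must end with " + WELL_KNOWN)
    # Assumption: 'admin' is matched anywhere in the URL, case-insensitively.
    if "admin" in url.lower():
        problems.append("issuer URL contains 'admin'")
    if redirect_url.strip() != ATERA_REDIRECT:
        problems.append("redirect URL differs from " + ATERA_REDIRECT)
    names = split_domains(domains)
    if not names:
        problems.append("no domain names given")
    problems += ["not a bare domain name: " + n for n in names
                 if "@" in n or "/" in n or "." not in n]
    if discovery is not None and suffix_ok:
        # OIDC Discovery: the document's issuer equals the URL minus the suffix.
        if discovery.get("issuer") != url[: -len(WELL_KNOWN)]:
            problems.append("discovery 'issuer' does not match the issuer URL")
        for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
            if not str(discovery.get(key, "")).startswith("https://"):
                problems.append("discovery field missing or not https: " + key)
    return problems

if __name__ == "__main__":
    print(check_oidc_fields(GOOD_ISSUER, "example.com", ATERA_REDIRECT, GOOD_DISCOVERY))
```

Pass the discovery document as a parsed JSON dict after downloading it from the issuer URL; without it, only the form values themselves are checked.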
Manage domains
Manage your SSO domains and identity providers from the Authentication settings. You can view the client secret, edit domain details, or remove a domain from SSO authentication.
Removing a domain from SSO will require users associated with that domain to log in with two-factor authentication (2FA).
To remove a domain from SSO:
1. Click Admin > Users and security > Security and authentication.
The Security and authentication page appears.
2. Click to expand the Authentication section.
3. From the Single sign-on (SSO) tab, hover over the domain to manage the identity provider:
- Copy client secret: Copy the client secret to securely paste it into your identity provider or internal documentation.
- Show password: Reveal the client secret to verify or review the current authentication configuration for the provider.
- Edit domain: Update the domain configuration, including provider details, alias domains, client credentials, and authentication settings.
- Remove domain: Remove the domain and identity provider from SSO authentication, requiring users associated with the domain to log in with 2FA instead.