Configuring your application

To let users authenticate to your application through the new Single Sign-On service, you need to:

1. Configure your application to require authentication with SAML or OIDC (we generally recommend OIDC, it's much more simple!)

   • If your application is hosted on CERN Platform-as-a-Service (Openshift), please see dedicated instructions how to configure the new CERN SSO for your Openshift application.

2. Add your application to the Authorization Service

3. Define you application's permissions scheme
4. Register the application to use CERN SSO

If you're having trouble, make sure you've configured your SAML or OIDC application correctly to work with CERN SSO!

Note: If you are a third party service provider you will need a CERN counterpart, with a CERN account, to complete the application registration for you.