Skip to main content

[Flex] Single Sign-On (SSO)

Learn how to configure Single Sign-On (SSO) in OfficeRnD Flex for members and admins using external authentication providers.

Updated over a week ago

Setting up Single Sign-On (SSO) in OfficeRnD Flex helps you simplify login management for your members and admin teams. With SSO, you reduce the number of passwords to remember, speed up the login process, and strengthen security across your organization.

By following this article, you will be able to configure and manage SSO for both members and admins, ensuring an optimal authentication experience through trusted providers like Google, OKTA, or Office365.

Before you start

Before setting up SSO, keep in mind the following limitation:

  • If an admin is part of two OfficeRnD organizations with different login strategies—one requiring SSO and one requiring a password login—they will be logged out each time they switch between the two organizations for security reasons.

What is Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication method that allows users to securely log in to multiple applications and websites using one set of credentials. In OfficeRnD Flex, SSO can be used by both members and admin teammates.

When SSO is active, users no longer need to maintain multiple usernames and passwords for different systems.

Benefits of using Single Sign-On (SSO)

Using SSO provides several benefits for organizations and users:

  • Reduces the number of passwords that users must remember.

  • Simplifies username and password management for admins.

  • Reduces security risks for organizations, members, partners, and vendors.

  • Speeds up the login process and improves onboarding for new applications.

Types of SSO supported by OfficeRnD Flex

OfficeRnD Flex supports Single Sign-On for two types of users:

  • SSO for Member Tools: Allows members to log in to the Member Portal and Member Apps using an SSO provider.

  • SSO for the Admin Portal: Allows admin teammates to log in to the Admin Portal using an SSO provider.

Supported SSO providers include OKTA, Google GSuite, and Office365 (Entra ID).

Differences between Admin SSO and Member SSO

The setup steps for Admin SSO and Member SSO are identical but offer different configuration options based on the user group.

Admin SSO

When setting up Admin SSO, you can enforce SSO for all admin teammates by enabling the Enforcing SSO setting.

Important considerations when enforcing Admin SSO:

  • Enforcing SSO locks out all admins from the standard OfficeRnD login. Only SSO login will be allowed.

  • Verify all authentication provider links are correct before enforcing SSO.

  • Ensure you have successfully logged in with SSO at least once before enforcing.

  • Save all the provided OfficeRnD links required for the authentication provider setup.

Members SSO

When setting up Member SSO, two additional settings are available:

  • Account Activation:

    • If turned on, existing members can log in to the Member Portal without needing a welcome email.

    • If turned off, members must be invited manually by an admin.

  • Turn Off Password Login:

    • If turned on, members can only log in using SSO and cannot use email/password credentials.

    • Turning on this setting removes:

      • The standard email/password login.

      • The Public Calendar Page and Sign-up Page.

      • Password reset links.

      • Token-based authentication in welcome emails.

General setup for Single Sign-On

OfficeRnD Flex supports SSO configuration with any OIDC-compatible provider. Follow these steps to set up SSO:

  1. Log in to your identity provider account.

  2. Go to your applications and create a new application for OfficeRnD.

  3. In OfficeRnD Flex, go to Settings > Integrations and scroll down to the Authentication integrations.

  4. Click Activate next to Members SSO Authentication or Admins SSO Authentication.

  5. Scroll up and click Configure under Members SSO Authentication or Admins SSO Authentication.

  6. In the Edit Authentication Integration dialog, copy the Base URL and Return URL.

  7. In your identity provider:

    • Use the Base and Return URL to configure your application.

    • Obtain the Client ID, Client Secret, and Discovery URL.

  8. In OfficeRnD Flex, paste the Client ID, Client Secret, and Discovery URL into the corresponding fields in the authentication configuration panel.

  9. Choose a Title for the SSO login button (for example: "Login with Google").

  10. Click Update to complete the setup.

You can now test your SSO login to ensure it works before enforcing it for your organization.


How to set up SSO with specific providers

FAQ: Single Sign-On (SSO) in OfficeRnD Flex

What happens if an admin belongs to two organizations with different authentication methods?


Suppose an admin is part of two organizations using different login strategies (one with SSO and one with password login). For security reasons, the system will log them out each time they switch between the two organizations.

Can members log in to the Member Portal without an invitation if SSO is enabled?


Yes. If the Account Activation setting is enabled for Member SSO, members can log in to the Member Portal directly without receiving a welcome email.

What happens if I turn off password login for members?


Turning off password login forces members to use only SSO. It removes the email password login, public calendar pages, sign-up pages, password resets, and portal invite tokens.

What should I do before enforcing SSO for admins?


Before enforcing SSO for admins, you must test and confirm that you can successfully log in using SSO. Always double-check your authentication provider links.

Related Articles
Single Sign-On (SSO) Authentication with AD FS
Single Sign-On (SSO) Authentication with Entra ID (Azure)
Single Sign-On (SSO) Authentication with Google
Single Sign-On (SSO) Authentication with Okta
[Workplace] Single Sign-On (SSO) Authentication
Did this answer your question?