If you enable SSO but then can't log in using SSO, you can use the local login to regain access. This is only available to users with the Tenant admin user role. See our knowledge base article, Rescue URL for tenant administrators.
Applaud supports single sign-on (SSO) using OAuth, SAML 2.0, or JWT. You can integrate with identity providers such as Okta, OneLogin, Active Directory, or Ping Identity.
SSO improves both security and usability:
- Users only need to sign in once to access multiple systems.
- Reusing the same password across accounts is a common risk—if one account is compromised, others may be exposed.
- With SSO, this risk is minimized while giving users a seamless sign-in experience.
The Applaud mobile app also supports biometric authentication for even faster, more secure access. Options include Face ID, Touch ID, and Android fingerprint recognition.
Signing in
- By default, users sign in with a username and password.
- If you configure SSO for your tenant, users authenticate through your chosen identity provider.
-
On their first mobile app sign-in, users can enable biometric login (for example, Face ID).
Best practices
- Enable multi-factor authentication (MFA): Combine SSO with MFA to strengthen account security.
- Rotate certificates and keys regularly: Keep your OAuth, SAML, and JWT configurations secure and up to date.
- Test in a staging environment: Verify SSO and biometric sign-in flows before rolling them out to all users.
- Encourage biometric sign-in: Biometric login reduces reliance on passwords while maintaining security.
Tasks you can perform here:
- Set up Google single sign-on
- Configure SAML single sign-on with Okta
- Configure SAML single sign-on with OneLogin
- Set up single sign-on with a JSON web token