Single Sign-On (SSO) Integration

If you have an Enterprise account in Row Zero, you can configure single sign-on (SSO) via OpenID Connect (OIDC) using your organization's existing SSO provider (Okta, etc.). Every SSO platform uses slightly different terminology when configuring an SSO integration, so don't hesitate to contact us for help when you are configuring your provider.

Row Zero is configured to use the OpenID Connect implicit flow for single sign-on (response_mode=form_post and response_type=id_token). We request openid profile email scopes and require the email_verified claim in order to secure sharing and communications. These scopes and claims are enabled by default for most SSO platforms.

Here is the information that you will need to configure a new Row Zero application for single sign-on:

  1. Sign-in redirect URL or Authorized Redirect URL:
    • https://auth.rowzero.io/login/callback
  2. Sign-out redirect URL:
    • https://rowzero.io/logout
  3. Initiate login URL (for users to log in to Row Zero through your provider, e.g. by clicking on a Row Zero tile in Okta):
    • https://rowzero.io/startlogin?connection=<CONNECTION_NAME>
    • Note: You will need to replace CONNECTION_NAME above with an identifier that Row Zero will provide. Contact us when you are setting up your SSO integration and we will give you the CONNECTION_NAME to use.

Once you have configured a Row Zero application in your platform, contact us at Row Zero so that we can finish configuring the SSO integration on our end.

This is the information that we will need from you:

  1. The OpenID Connect metadata URL for the application (typically ends in /.well-known/openid-configuration)
  2. The Client ID for the application

Note: You do not need to share a Client Secret because Row Zero currently uses the OpenID Connect implicit flow.