configure_sso
Set up single sign-on (OIDC or SAML) with your identity provider to authenticate enterprise users.
Instructions
Configure SSO (OIDC or SAML) for Enterprise authentication.
Enterprise feature. Sets up single sign-on with your identity provider
(Okta, Google Workspace, Azure AD, Auth0, etc.).
Args:
issuer_url: IdP issuer URL (e.g. ``https://accounts.google.com``).
client_id: OIDC client ID or SAML entity ID.
protocol: ``"oidc"`` or ``"saml"``.
client_secret: OIDC client secret (optional for public clients).
redirect_uri: Callback URL after auth. Default: ``http://localhost:8741/sso/callback``.
allowed_domains: Comma-separated email domains (e.g. ``"acme.com,partner.org"``).
role_mapping: JSON string mapping IdP groups to Kiln roles
(e.g. ``'{"admins":"admin","devs":"engineer"}'``).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| protocol | No | oidc | |
| client_id | Yes | ||
| issuer_url | Yes | ||
| redirect_uri | No | ||
| role_mapping | No | ||
| client_secret | No | ||
| allowed_domains | No |