Configure SSO

Single Sign-On (SSO) allows users to log in to Reemo using their existing company credentials, without having to manage additional passwords.

This integration improves both security and ease of use, while allowing administrators to apply their authentication and compliance policies centrally.

Important

This feature is available starting with the Enterprise plan

Reemo supports several SSO integration methods:

  • SAML (Security Assertion Markup Language) is an open standard that allows a service provider (here Reemo) to trust an identity provider to authenticate users. It is the most common method for SSO in web applications. Examples of providers: Microsoft Entra ID (Azure AD), Okta, Google Workspace, Auth0.

  • LDAP (Lightweight Directory Access Protocol) is a protocol for querying and modifying directory services. It is often used for centralized authentication by connecting to an existing enterprise directory. Examples of providers: Microsoft Active Directory, OpenLDAP.

Each method requires specific configuration on both the Reemo side and the identity provider side. For this, go to the SSO Connectors menu of your organization.

Creation Guides

contacts
Configure via LDAP
Set up an SSO connector linked to an LDAP directory
../guides/ldap.html
graph_4
SAML with Azure AD
Set up a SAML SSO connector on Azure AD
../guides/saml-azure.html
communities
SAML with Okta
Set up a SAML SSO connector on Okta
../guides/saml-okta.html

Advanced Options

When configuring an SSO connector, advanced options allow automation of user management and assignment to the right resources:

Just In Time Provisioning

By enabling Just In Time Provisioning, users from the SAML server are automatically created in Reemo at their first successful login, even if they were not manually added by an administrator.
This greatly simplifies deployment since no prior action is required to provision accounts.

Automatic Collection Mapping

The Extra Mapping section allows you to define rules to automatically associate users with container collections, based on attributes returned by the SAML identity provider.

  • SAML field to map: name of the attribute (e.g. department, group, etc.).

  • Match type: evaluation mode (e.g. REGEX to apply a regular expression).

  • Expected value: the value or pattern which, when present in the attribute, triggers association with the chosen collection (e.g. internet).

This enables automated access: a user whose SAML field matches the defined rule will automatically be added to the corresponding collection.

Example: If the SAML attribute department matches the value internet, then the user will automatically be added to the Internet Navigation collection if that collection has internet as its identifier.