How to Manage Identity Providers


Role required: The features described in this guide require the Organisation Administrator role. If you do not have this role, contact your organisation's administrator.

Identity Providers (IdPs) manage user authentication for your organisation. They allow users to log in using their corporate credentials via OpenID Connect (OIDC) or SAML protocols, enabling single sign-on (SSO) across all Discngine applications.

Navigation

The Identity Providers page lists every configured provider with its type and enabled state.

Click on Identity Providers in the left sidebar or on the Identity Providers card on the home page.


The Identity Providers page shows:

| Column | Description |
| --- | --- |
| Provider Name | The name of the identity provider |
| Provider Type | The protocol type (e.g., "OpenID Connect with Issuer URL", "Security Assertion Markup Language (SAML)") |
| Enabled | Whether the provider is currently active |
| Manage Applications IdP | An "Enable/Disable" button to manage which applications use this provider |

At the top of the page:

  • OIDC metadata: View the OIDC metadata for your organisation (useful for configuring relying parties)
  • New Provider +: Add a new identity provider

How to Add an Identity Provider

The New Provider dialog with provider type defaulted to OpenID Connect.

When you switch the Provider type to OpenID Connect with Issuer URL, the form asks for the issuer URL instead of explicit endpoints:

New Provider dialog configured for OpenID Connect with Issuer URL.

When you switch to Security Assertion Markup Language (SAML), the form switches to SAML-specific fields:

New Provider dialog configured for SAML.

  1. Click New Provider +.

  2. Select the Identity Provider type:

    • OpenID Connect — for providers that support OIDC (Azure AD, Okta, Cognito, etc.)
    • SAML — for providers that support SAML 2.0
  3. Fill in the required configuration fields:

    For OpenID Connect:

    | Field | Description | Required |
    | --- | --- | --- |
    | Name | A descriptive name (e.g., "Corporate Azure AD") | Yes |
    | Issuer URL | The OIDC issuer URL from your provider (e.g., https://login.microsoftonline.com/{tenant}/v2.0) | Yes |
    | Client ID | The application/client ID from your provider | Yes |
    | Client Secret | The client secret from your provider | Yes |
    | Enabled | Whether this provider is active | No (default: Enabled) |

    For SAML:

    | Field | Description | Required |
    | --- | --- | --- |
    | Name | A descriptive name (e.g., "Corporate SAML") | Yes |
    | IdP Endpoint | The SSO login URL from your provider | Yes |
    | Issuer | The entity ID / issuer from your provider | Yes |
    | Certificate | The X.509 signing certificate from your provider (PEM format) | Yes |
    | Enabled | Whether this provider is active | No (default: Enabled) |
  4. Click Save.
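
A pre-flight check for the Issuer URL field, as an added example that is not part of the Discngine documentation or product. It assumes the provider publishes standard OIDC discovery metadata; the function names, sample issuer and endpoints are constructed for illustration.

```python
from urllib.parse import urlsplit

# Keys this check requires; token_endpoint is included because a client
# secret is configured, which implies the authorization code flow.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(issuer_url):
    """Where the provider publishes its metadata (OIDC Discovery 1.0)."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"

def check_issuer(issuer_url, metadata):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    parts = urlsplit(issuer_url)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer URL must be an absolute https URL")
    if parts.query or parts.fragment:
        problems.append("issuer URL must not contain a query or fragment")
    if "{" in issuer_url or "}" in issuer_url:
        problems.append("issuer URL still contains a template placeholder")
    for key in REQUIRED:
        if not metadata.get(key):
            problems.append(f"metadata is missing '{key}'")
    # The spec requires an exact string match, so a stray trailing slash fails.
    if metadata.get("issuer") and metadata["issuer"] != issuer_url:
        problems.append("metadata 'issuer' does not exactly match the issuer URL")
    for key in REQUIRED[1:]:
        value = metadata.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(f"'{key}' is not served over https")
    return problems

# Constructed sample: metadata as it would be downloaded from
# discovery_url(ISSUER). The host and paths are placeholders.
ISSUER = "https://idp.example.com/tenant-a"
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/keys",
}

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    for candidate in (ISSUER, ISSUER + "/", "https://login.microsoftonline.com/{tenant}/v2.0"):
        print(candidate, "->", check_issuer(candidate, GOOD) or "OK")
```

Run it against the metadata document fetched from your own provider before saving the form; an issuer mismatch here typically surfaces later as rejected ID tokens.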

For provider-specific configuration instructions with screenshots, see the Identity Provider Guides:

How to Modify an Identity Provider

  1. Click Edit next to the desired Identity Provider.
  2. Update the necessary fields (e.g., rotate a client secret, update the issuer URL).
  3. Click Save.

Tip: When rotating a client secret, update the secret at your identity provider first, then update it in the Admin Center immediately afterwards to avoid login disruption.

How to Delete an Identity Provider

  1. Click Edit next to the desired Identity Provider.
  2. Click Delete.
  3. Confirm the deletion.

Warning: Deleting an IdP means users who rely on it for SSO will no longer be able to log in via that provider. Ensure affected users have local login enabled before deleting.

How to Manage Application Permissions

The Manage Identity Provider for the applications dialog where you toggle each application to allow or block sign-in via this provider.

Each Identity Provider can be assigned to specific applications. Only the assigned applications will allow SSO login via that provider.

  1. Click the Enable/Disable button next to the desired Identity Provider.
  2. Select the applications this Identity Provider should grant access to.
  3. Click Save.
