One Click LCA offers two ways for enterprise customers to integrate single sign-on (SSO):
SSO via social logins such as Google or Microsoft
An enterprise solution that uses SAML 2.0
Google Workspace or Microsoft Office 365
If your company uses Google Workspace or Microsoft Office 365 for user accounts, you can easily set up SSO.
How it Works:
Uses the standard OAuth 2.0/OpenID Connect (OIDC) flow.
No action is needed on the One Click LCA side.
Your IT administrator may need to configure your Google Workspace or Microsoft Office 365 settings to allow external authentication.
User Registration and Linking:
New users can register for One Click LCA using their Google or Microsoft login.
Existing users can link their One Click LCA account to their Google or Microsoft account if they use the same enterprise email address for both. To link, simply log in with Google or Microsoft on the One Click LCA login page.
SAML 2.0
For companies using their own identity provider (IdP) that supports SAML 2.0, One Click LCA offers integration using the Service Provider (SP) Initiated flow.
Setup Process:
Ensure you can connect to our customer test environment: customersso.1clicklca.com
Contact our SSO support team: [email protected]
Obtain a key/certificate pair for signing SAML messages (self-signed certificates are acceptable).
Coordinate with our technical team to complete the integration and testing in the One Click LCA customer test environment before going live.
How it Works:
When a user tries to log in, One Click LCA checks their email domain.
If the domain is configured for SAML 2.0 SSO, the user is redirected to your company's IdP for authentication.
Existing One Click LCA users can link their accounts to their SAML 2.0 identity. Once linked, they will only be able to log in using SSO.
Important Things To Consider
Reply URL (Assertion Consumer Service URL):
https://id.1clicklca.com/realms/oneclicklca/broker/yourcompany/endpoint
Entity ID:
https://test.oneclicklcaapp.com/sp
One Click LCA supports HTTP POST binding, not HTTP REDIRECT.
Include at least the NameID attribute in your SAML configuration. The NameID format must be email address:
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
Ensure all SAML attributes are correctly configured, as they are case-sensitive.
Share your public key certificate with One Click LCA support.
Inform One Click LCA support at least 2 weeks before renewing your signing certificate to avoid SSO disruptions.
Single Logout and IdP-configured session durations are not currently supported.
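A pre-flight check for the settings listed above, given as an added example rather than One Click LCA's own tooling: it lints a test SAML response from your IdP against the Reply URL, Entity ID and NameID format on this page, using exact, case-sensitive comparison. It assumes the usual SAML 2.0 convention that the response Destination equals the Reply URL and the Audience equals the SP Entity ID; the sample response and the function name lint_response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Values from this page; "yourcompany" is the page's own placeholder.
ACS_URL = "https://id.1clicklca.com/realms/oneclicklca/broker/yourcompany/endpoint"
ENTITY_ID = "https://test.oneclicklcaapp.com/sp"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample response (not captured from a real IdP).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}">
  <saml:Assertion>
    <ds:Signature xmlns:ds="{NS['ds']}"/>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def lint_response(xml_text):
    """Configuration lint only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the Reply URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    if root.find(".//ds:Signature", NS) is None:
        problems.append("no ds:Signature element found")
    return problems


if __name__ == "__main__":
    for problem in lint_response(SAMPLE_RESPONSE) or ["no problems found"]:
        print(problem)
```

Run it only on a response produced by your own IdP in the customer test environment; an empty result means the checked fields match, not that the signature is valid.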