Single sign-on (SSO / OIDC)

Single sign-on (SSO) lets your members sign in to BestDefense through your own identity provider using OIDC. Instead of managing separate BestDefense passwords, your team authenticates with the provider you already run — for example, Microsoft Entra ID — and lands in BestDefense already signed in.

Note

SSO is typically an Enterprise-tier capability and is configured per organization. Check the current requirement and pricing in the app.

What SSO does

• Members sign in through your identity provider rather than with a BestDefense-specific password.
• Multi-factor authentication (MFA) is handled by your provider, so your existing security policies apply automatically.
• Configuration applies to the organization that enables it.

What you need from your IdP

To set up SSO, gather the following from your OIDC identity provider:

• The provider’s issuer or discovery URL.
• A client ID and client secret issued for BestDefense.
• The ability to register a redirect/callback URL for BestDefense in your provider, so it knows where to return users after sign-in.

Who configures it

An administrator sets up SSO for the organization using the values above. See Members & roles for who has administrative access.

Tip

Test sign-in with a single account before rolling SSO out to your whole team, so you can confirm the redirect and provider settings are correct.