
Single Sign-On (SSO) in Falcon: Setup and Benefits

Written by Jonas Steeger
Updated over 2 weeks ago

What is Single Sign-On (SSO)?

Single Sign-On (SSO) is an authentication method that allows users to log into Falcon using their existing corporate credentials. This eliminates the need to manage separate login details.

In particular, social login via services like Microsoft or Google provides a fast, secure, and convenient authentication experience.

Benefits of SSO Integration in Falcon

Easy Access – Use your existing corporate credentials for seamless login.
Enhanced Security – Reduce the risk of phishing and password theft through centralized authentication.
Efficiency – Less time lost due to forgotten passwords and manual resets.
Centralized Management – IT administrators can manage users and access rights through tools like Okta or Microsoft Entra ID.

Supported Authentication Options

Falcon offers SSO through OpenID Connect (OIDC) as well as social login. Users can authenticate using the following methods:

1. Social Login

Users can sign in via existing accounts with these providers:

  • Microsoft – Ideal for businesses using Office 365 or Azure.

  • Google – Perfect for organizations utilizing Google Workspace.

2. SSO via OpenID Connect (OIDC)

Falcon supports integration with OIDC-compatible identity providers (IdPs), including:

  • Okta – A leading identity and access management platform.

  • Microsoft Entra ID (formerly Azure Active Directory) – Suitable for businesses with a Microsoft infrastructure.

Setting Up SSO in Falcon

Prerequisites

To set up SSO, you will need:

✅ An OIDC-compatible identity provider (e.g., Okta, Microsoft Entra ID).
✅ Access to Falcon's Hub settings (Hub Owner rights required).

Steps for Integration

1. Configuration in the Identity Provider (IdP)

  • Create a new OIDC application in your IdP.

  • Enter the following values:

    • Redirect URI: Provided by Falcon.

    • Client ID and Client Secret: Provided by the IdP.

  • Enable the required authentication methods (e.g., MFA, username & password).

2. Configuration in Falcon

  • Navigate to Settings > Security > SSO.

  • Enter your IdP’s Client ID, Client Secret, and OIDC Metadata URL.

  • Enable the SSO integration.
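
Before the OIDC Metadata URL is entered in Falcon, the discovery document behind it can be sanity-checked. This is an added example, not Falcon's own code or validation logic: it applies checks based on the OpenID Connect Discovery specification to constructed documents, and the `idp.example.com` URLs and the function name `check_oidc_metadata` are assumptions.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
REQUIRED = URL_FIELDS + ("response_types_supported",
                         "id_token_signing_alg_values_supported")

def check_oidc_metadata(metadata_url, doc):
    """Return a list of problems found in an OIDC discovery document (dict)."""
    if urlparse(metadata_url).scheme != "https":
        return ["metadata URL is not https"]
    if not metadata_url.endswith(WELL_KNOWN):
        return [f"metadata URL does not end with {WELL_KNOWN}"]
    expected_issuer = metadata_url[: -len(WELL_KNOWN)]
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer in the document must match the URL it was published under;
    # a mismatch means the document describes a different tenant or IdP.
    if doc.get("issuer", "").rstrip("/") != expected_issuer.rstrip("/"):
        problems.append(f"issuer mismatch: expected {expected_issuer}")
    for key in URL_FIELDS:
        value = doc.get(key)
        if value and urlparse(value).scheme != "https":
            problems.append(f"{key} is not an https URL")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not advertised")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("IdP advertises unsigned ID tokens (alg 'none')")
    return problems

# Constructed sample data (not taken from any real IdP).
SAMPLE_URL = "https://idp.example.com/tenant-a" + WELL_KNOWN
GOOD_DOC = {
    "issuer": "https://idp.example.com/tenant-a",
    "authorization_endpoint": "https://idp.example.com/tenant-a/authorize",
    "token_endpoint": "https://idp.example.com/tenant-a/token",
    "jwks_uri": "https://idp.example.com/tenant-a/keys",
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD_DOC = dict(GOOD_DOC,
               issuer="https://idp.example.com/tenant-b",
               token_endpoint="http://idp.example.com/tenant-a/token",
               id_token_signing_alg_values_supported=["RS256", "none"])
del BAD_DOC["jwks_uri"]

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_oidc_metadata(SAMPLE_URL, doc) or "OK")
```

To check a real IdP, fetch the JSON from the metadata URL over HTTPS and pass the parsed document to the function.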

Advanced SSO Settings

Enforcing SSO-Only Login

Administrators can mandate SSO as the only login method, preventing users from signing in with separate passwords.

Defining Exceptions for Specific Users

If necessary, specific users can be designated as exceptions, allowing them to log in with a username and password.

Changes in User Invitation Management with SSO

📌 No manual user creation required – New users can sign in via SSO without needing a separate invitation.

SSO User Management

Activating SSO as a User & Accepting Invitations

Once enabled, users can log in directly with their corporate credentials. If needed, an invitation to use SSO can be sent.

Deleting or Removing SSO Users

Administrators can remove users from Falcon. Access is automatically revoked when the user is deactivated in the IdP.

Advanced Features

Just-In-Time Provisioning (JIT)

🔹 New user accounts are automatically created upon first login to Falcon.
🔹 No manual user creation needed – Ensuring efficient management.

Integration with SCIM for Automated User Management

Falcon supports SCIM (System for Cross-domain Identity Management) for automatic synchronization of users and groups. This allows IT administrators to keep user accounts up to date effortlessly.

Direct Integration with Microsoft Entra ID

Through direct integration with Microsoft Entra ID, users automatically gain access to Falcon. This ensures seamless authentication and simplifies user rights management.
