Complete Enterprise Guide

How to Set Up SSO for Saylo

Configure JWT-based Single Sign-On for enterprise-grade security

Last updated: January 2025 | 10 min read

Saylo provides a flexible JWT-based Single Sign-On (SSO) solution that allows you to integrate with your existing identity provider or authentication system. This approach gives you complete control over user authentication while maintaining enterprise-grade security standards.

In this guide, we'll walk you through setting up SSO for your Saylo workspace using JWT tokens, including configuration options for popular identity providers.

What You'll Get with SSO Integration

Enterprise Security

Leverage your existing identity provider's security policies and authentication methods.

  • JWT-based authentication
  • Custom secret key management
  • Centralized user management
  • Secure token validation

Seamless Team Management

Automatically provision and manage users based on your existing identity system.

  • Automatic user provisioning
  • Custom login URL configuration
  • User metadata synchronization
  • Secure session management

How Saylo SSO Works

Understanding the JWT-based authentication flow

1. User Authentication

User authenticates through your identity provider or custom system

2. JWT Generation

Your system generates a JWT token with user information

3. Saylo Login

User is automatically logged into Saylo using the JWT token

Technical Flow

  1. User clicks login on your custom SSO page
  2. Your system authenticates the user
  3. Generate JWT with user data (email, name, avatar)
  4. Redirect to Saylo with JWT: https://saylo.io/api/v1/[project]/sso?jwt=TOKEN&redirect_to=URL
  5. Saylo validates JWT and creates/updates user account
  6. User is automatically logged in and redirected

Step-by-Step Setup Guide

Follow these simple steps to configure SSO for your Saylo workspace

1. Access SSO Settings

Navigate to your Saylo workspace settings to begin the SSO configuration process.

How to access SSO settings:

  1. Log into your Saylo dashboard
  2. Go to your project settings
  3. Navigate to "Integrations" tab
  4. Find "Single Sign-On" section
  5. Click "Connect" to begin configuration

Note: Only project administrators can configure SSO settings.

2. Configure SSO Settings

Set up your custom login URL and JWT secret in the Saylo SSO modal.

Required configuration:

  • Custom Login URL: Your SSO login page (e.g., https://yourdomain.com/sso/saylo)
  • JWT Secret: Secret key for signing JWT tokens (auto-generated or custom)

Security tip: Use a strong, unique JWT secret and keep it secure.

3. Implement Your SSO Endpoint

Create the authentication endpoint that will generate JWT tokens for Saylo.

Implementation requirements:

  1. Authenticate user with your identity provider
  2. Generate JWT token with required payload
  3. Redirect to Saylo SSO endpoint with JWT
  4. Handle error cases and validation

Note: We'll provide code examples for popular providers below.

4. Test the Integration

Verify that SSO is working correctly before enabling it for all users.

Testing process:

  1. Visit your custom login URL
  2. Complete authentication flow
  3. Verify redirect to Saylo works
  4. Check that user account is created/updated
  5. Test user permissions and access

Success! If the test works, your SSO integration is ready.

JWT Token Configuration

Required JWT payload structure and configuration details

Required JWT Payload

Your JWT token must include these fields for proper user provisioning:

{
  "email": "user@example.com",     // Required - User's email address
  "name": "John Doe",              // Required - User's full name
  "avatar_url": "https://...",     // Optional - User's avatar URL
  "iat": 1640995200,               // Required - Token issued at (timestamp)
  "exp": 1641081600                // Required - Token expiration (timestamp)
}

Saylo SSO Endpoint

Use this endpoint to authenticate users with Saylo:

Endpoint: https://saylo.io/api/v1/[project-slug]/sso
Method: GET
Parameters:
  • jwt - Your signed JWT token (required)
  • redirect_to - URL to redirect after login (required)

Security Requirements

Ensure your JWT implementation meets these security standards:

  • Use a strong secret key (minimum 32 characters)
  • Set appropriate token expiration (recommended: 5-15 minutes)
  • Include proper JWT headers (alg: HS256)
  • Validate all required fields before token generation
  • Use HTTPS for all SSO endpoints

Integration with Popular Providers

Setup guides for common identity providers and authentication systems

Google Workspace / Google Cloud Identity

Integrate with Google's authentication system using OAuth 2.0 and JWT.

Setup steps:

  1. Create OAuth 2.0 credentials in Google Cloud Console
  2. Configure authorized redirect URIs for your SSO endpoint
  3. Implement OAuth flow to get user information
  4. Generate JWT with user data and redirect to Saylo

Visit Google's OAuth documentation

Microsoft Azure AD / Microsoft 365

Connect with Azure Active Directory for enterprise authentication.

Setup steps:

  1. Register an application in Azure AD
  2. Configure redirect URIs and required permissions
  3. Implement Microsoft identity platform authentication
  4. Generate JWT with user data and redirect to Saylo

Visit Azure AD documentation

Okta

Use Okta as your identity provider with SAML or OAuth integration.

Setup steps:

  1. Create an Okta developer account
  2. Create a new application in Okta Admin Console
  3. Configure SAML or OAuth settings for your SSO endpoint
  4. Implement authentication flow and JWT generation

Visit Okta SSO documentation

Custom Authentication System

Build your own authentication system and integrate with Saylo.

Implementation guide:

  • Implement your authentication logic (database, LDAP, etc.)
  • Generate JWT tokens using your secret key
  • Create SSO endpoint that redirects to Saylo
  • Handle user provisioning and session management

Example: Use libraries like jsonwebtoken (Node.js) or PyJWT (Python)

Code Examples

Sample implementations for common programming languages

Node.js Example

const jwt = require('jsonwebtoken');
const express = require('express');

const app = express();
// Placeholder value: load the real secret from your environment or secret store
const JWT_SECRET = 'your-saylo-jwt-secret';
const SAYLO_SSO_URL = 'https://saylo.io/api/v1/your-project/sso';

app.get('/sso/saylo', (req, res) => {
  // Authenticate user (implement your logic here)
  const user = authenticateUser(req);
  
  if (!user) {
    return res.redirect('/login');
  }

  // Generate JWT payload
  const payload = {
    email: user.email,
    name: user.name,
    avatar_url: user.avatar_url,
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + (5 * 60) // 5 minutes
  };

  // Sign JWT
  const token = jwt.sign(payload, JWT_SECRET, { algorithm: 'HS256' });
  
  // Redirect to Saylo
  const redirectUrl = `${SAYLO_SSO_URL}?jwt=${token}&redirect_to=${encodeURIComponent('/dashboard')}`;
  res.redirect(redirectUrl);
});

Python Example

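import jwt
import time
from urllib.parse import quote
from flask import Flask, redirect, request

app = Flask(__name__)
# Placeholder value: load the real secret from your environment or secret store
JWT_SECRET = 'your-saylo-jwt-secret'
SAYLO_SSO_URL = 'https://saylo.io/api/v1/your-project/sso'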

@app.route('/sso/saylo')
def sso_saylo():
    # Authenticate user (implement your logic here)
    user = authenticate_user(request)
    
    if not user:
        return redirect('/login')
    
    # Generate JWT payload
    payload = {
        'email': user.email,
        'name': user.name,
        'avatar_url': user.avatar_url,
        'iat': int(time.time()),
        'exp': int(time.time()) + 300  # 5 minutes
    }
    
    # Sign JWT
    token = jwt.encode(payload, JWT_SECRET, algorithm='HS256')
    
    # Redirect to Saylo
    redirect_url = f"{SAYLO_SSO_URL}?jwt={token}&redirect_to={quote('/dashboard')}"
    return redirect(redirect_url)

Security Features

Enterprise-grade security measures built into Saylo SSO

Authentication Security

  • JWT signature validation
  • Token expiration checking
  • Secure secret key management
  • HTTPS enforcement

User Management

  • Automatic user provisioning
  • Email-based user identification
  • User metadata synchronization
  • Secure session creation

Data Protection

  • Encrypted data transmission
  • Secure cookie management
  • Session timeout controls
  • Audit trail logging

Integration Security

  • Project-specific JWT secrets
  • URL validation and sanitization
  • Error handling and logging
  • Rate limiting protection

Common Issues & Solutions

Quick fixes for the most common SSO configuration problems

JWT Validation Errors?

If you encounter JWT validation issues:

  • Ensure your JWT secret matches exactly in both systems
  • Check that the JWT payload includes all required fields (email, name)
  • Verify the token hasn't expired (check iat and exp timestamps)
  • Use HS256 algorithm for JWT signing
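
The checks in this list and in the Security Requirements section can be run locally against a token before it is sent to Saylo. The following is an added example, not Saylo's own validation code; it uses only the Python standard library, and the function names, messages and sample secret are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

REQUIRED = ("email", "name", "iat", "exp")  # required fields listed on this page
MAX_LIFETIME = 15 * 60                      # top of the recommended 5-15 minutes

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_sample(claims, secret, alg="HS256"):
    """Build a compact HMAC-SHA256 JWT; used here only to construct sample tokens."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(secret, head + '.' + body))}"

def diagnose(token, secret, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = int(time.time()) if now is None else now
    problems = ["secret shorter than 32 characters"] if len(secret) < 32 else []
    try:
        head, body, sig_b64 = token.split(".")
        header, claims = dict(json.loads(_b64d(head))), dict(json.loads(_b64d(body)))
        sig = _b64d(sig_b64)
    except (ValueError, TypeError):
        return problems + ["token is not a well-formed three-part JWT"]
    if header.get("alg") != "HS256":
        problems.append(f"header alg is {header.get('alg')!r}, expected 'HS256'")
    if not hmac.compare_digest(sig, _mac(secret, head + "." + body)):
        problems.append("signature does not match this secret")
    missing = [k for k in REQUIRED if claims.get(k) in (None, "")]
    if missing:
        problems.append("missing required fields: " + ", ".join(missing))
    iat, exp = claims.get("iat"), claims.get("exp")
    if isinstance(iat, int) and isinstance(exp, int):
        if exp <= now:
            problems.append("token expired")
        if exp - iat > MAX_LIFETIME:
            problems.append("lifetime exceeds 15 minutes")
    return problems

if __name__ == "__main__":
    secret, t0 = "constructed-sample-secret-0123456789", 1_700_000_000  # constructed
    claims = {"email": "user@example.com", "name": "John Doe", "iat": t0, "exp": t0 + 300}
    print(diagnose(sign_sample(claims, secret), secret, now=t0 + 301))
```

Run `diagnose` with the secret configured on your side; a signature mismatch there against a token that Saylo rejects usually means the two systems hold different secrets.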

User Not Created?

If users aren't being created in Saylo:

  • Verify the email field contains a valid email address
  • Check that the name field is not empty
  • Ensure the JWT token is properly formatted
  • Check Saylo logs for specific error messages

Redirect Issues?

If redirects aren't working properly:

  • Ensure redirect_to parameter is properly URL-encoded
  • Check that the redirect URL is within your Saylo domain
  • Verify HTTPS is used for all URLs
  • Test with a simple redirect URL first

Ready to Enable SSO?

Configure Single Sign-On for your Saylo workspace and streamline user authentication with enterprise-grade security. Your team will love the seamless login experience.