ATERA - SSO configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Atera using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Atera, ensure you meet the following requirements:
- Atera admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Atera are registered in your IdP and have the necessary permissions to access Atera.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
ATERA - SSO configuration
Step 1 - Configure Atera as the Service Provider (SP)
- Sign in to Atera as an Administrator.
- Go to Admin
- Select Users and Security
- Click on Security and authentication and then on Single Sign-On (SSO).
- Click Add Identity Provider and choose OpenID Connect (OIDC).
- Complete the form using the values from Multi-Pass below :
| Setting / Parameter | Value |
|---|---|
| Issuer URL | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| Authorization Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/auth |
| Token Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/token |
| JWKS / Public Keys Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/certs |
| Client ID | Value defined in Multi-Pass (e.g., atera) |
| Client Secret | To be retrieved from Multi-Pass (see Step 2). |
| Scopes | openid email profile |
| Redirect URI (Callback) | https://app.atera.com/api/oidc/callback |
- Click on Save
Claims required: ensure the ID Token includes at least sub, email, and name. Atera uses email to match user accounts.Step 2 - Configure Multi-Pass as the Identity Provider (IdP)
In OIDC, the Client ID is defined in the IdP (Multi-Pass) when creating the app (e.g., atera). It is not an application URL. The Client Secret is generated by Multi-Pass and must be copied into Atera.
- Select the correct tenant.
- Go to Integrations > Applications.
- Under Custom Integration, select OIDC.
- Complete the form :
| Field | Value |
|---|---|
| Client ID | atera (must match in Atera) |
| Name | Atera |
| Description | Atera SSO integration |
| Client Authentication | Enabled (confidential client) |
| Home URL | https://app.atera.com |
| Valid Redirect URIs | https://app.atera.com/api/oidc/callback |
- Complete the fields below, then click Add integration.
- On the left side, click on Advanced Console
- Click on Clients, search for Atera.
- Click on Credential
- Make sure Client Authenticator = Client ID and secret
- Copy the values to configure in Atera
Multi-Pass OIDC endpoints (to paste into Atera)
| Setting / Parameter | Value |
|---|---|
| Issuer URL | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| Authorization Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/auth |
| Token Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/token |
| JWKS / Public Keys Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/certs |
| Scopes | openid email profile |
Step 3 - Test the integration
- Sign out of Atera.
- On the login page, select Sign in with SSO.
- Authenticate via Multi-Pass (passwordless: push, biometrics, FIDO2, etc.).
- Upon success, you are redirected back to Atera with an active session.
Expected result: users authenticate via Multi-Pass passwordless. Atera no longer stores user passwords; identity policies are centralized in Multi-Pass.
Related Articles
OpenID Connect (OIDC) SSO Integration Guide
This guide provides a general overview and step-by-step instructions for configuring OpenID Connect (OIDC) authentication between Multi-Pass (IdP) and a third-party Service Provider (SP). OIDC is a modern identity layer built on top of OAuth 2.0 that ...Drupal - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Mendix - SSO Configuration
This document has been tested and approved by Kelvin Zero Inc This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mendix using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...Outsystems (Apps) - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...N-Central (N-Able) - SSO configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...