Skip to content

Single Sign-On (SSO) Connection

Single Sign-On (SSO) is a protocol for centralizing authentication through third-party identity providers such as Okta or Auth0. It enables organizations to integrate their authentication systems with Leapwork, allowing users to securely log in using their existing credentials.

Note: This feature will be available starting from Release 2025.1.173.

If your organization requires automatic, group-based access control, we recommend using Active Directory integrations, which support role assignment via AD Security Groups.

SSO Setup process

To successfully enable Single Sign-On in Leapwork, both your internal IT team and Leapwork need to complete specific steps. Here's how the process works:

Step 1: Your IT team configures the Identity Provider (IdP).

Before Leapwork can activate the integration, your organization must configure your Identity Provider (IdP), such as Azure AD, Okta, or Auth0.

You will need to provide the following information, depending on the IdP:

  • Auth0: Domain, Client ID, and Client Secret
  • Azure AD: Client ID, Client Secret, and Tenant ID
  • Okta: Issuer URL and Client ID.

Once your IdP is configured and the required values are available, you can move to Step 2.

Step 2: Contact Leapwork to initiate onboarding.

Once your IdP setup is complete, contact Leapwork to start the onboarding process.  

Leapwork will then configure and activate the necessary settings in the appropriate Auth0 tenant and application, completing the SSO connection.

Add Connection

The user who sets up the connection must be an admin. To add a connection, click the Add button and the following pop-up appears:

On the Add Connection pop-up window:

  1. Enter the title in the Title field. It should be unique.
  2. Enter the description in the Description field.
  3. From the Type drop-down, select the SSO option.
  4. Select SSO with Auth0/Okta and the following new fields appear:
  5. Click the Test Connection button to initiate the SSO process.

  6. On the redirected page, log in using your enterprise credentials.
    Note: You will be redirected to your organization's own login page, not a Leapwork-branded screen. The design, logo, and layout will reflect your Identity Provider (e.g., Okta, Auth0, Azure AD) and your company’s branding.

  7. If the test fails, the "Unable to establish a connection" message appears.

  8. If the connection is successful:

    • A confirmation message "Connection is successful" appears.

    • The Organization Name will be displayed.

  9. Click the Save button to confirm the configuration.

Once the connection has been saved, SSO users must be added manually under Settings → User Management.

Only users added under User Management will be allowed to log in using SSO. When those users attempt to access Leapwork, they will be authenticated via the SSO provider.

If an SSO user is not added to Leapwork, the login attempt will be denied, even if their credentials are valid.

Use the Edit or Delete buttons located next to the Add button to modify or remove the connection.

 

Authentication Only – No Authorization via SSO

Leapwork’s SSO integration supports authentication only, not authorization.

 

What Leapwork SSO does:

  • Validates user credentials via your Identity Provider (IdP)

  • Grants access to Leapwork if authentication is successful

What Leapwork SSO does not do:

  • It does not read or apply group claims or role assignments from the IdP

  • Role-based access control must be configured  manually in Leapwork after login

  • If your organization requires automatic, group-based access control, we recommend using Active Directory integrations, which support role assignment via AD Security Groups