# Single Sign-On

{% hint style="info" %}
Single Sign-on is currently being upgraded, additional features will continue to be implemented.
{% endhint %}

SSO Authentication, in collaboration with IndustryApps, allows users to access authorised only application resources by integrating IndustryApps login single sign-on into your application. The feature can be integrated as an addition to your externally hosted application's currently held single sign-on options.

## IndustryApps Single Sign-on (SSO)

Once SSO is set up, third-party app users can sign into IndustryApps and access their resources without requiring an additional sign-in. SSO redirects to the IndustryApps login portal, requesting the users' credentials such as username and password, which gives users access to their authentication restricted resources.

{% hint style="warning" %}
Single Sign-on does not grant permissions for applications for Data Integration. To utilise [Masterdata](/apis-or-data-integration/how-to-access-masterdata.md), [Transactional data](/apis-or-data-integration/how-to-access-transactional-data.md) and [Submodel data](/apis-or-data-integration/submodel-index.md) please see [Data Integration](/apis-or-data-integration.md).
{% endhint %}

### IndustryApps SSO Model

![SSO Model](/files/utnB4aVwvfWVMhpDOjrc)

### SSO Example in your Third-party Application

![Sign-in Options](/files/x9ka6OGWuK3ctRKGJHoM)

## Integrating SSO

The upcoming examples illustrates how SSO can be integrated within your applications' code with IndustryApps SSO in the following technologies.

Configure and Utilise Client-side Applications such as:

* Angular
* Vue

Accept JWT with Server-side Applications such as:

* Java Spring 5
* Python Django

### **Credentials**

To utilize SSO the following credentials are required to be implemented in your application configuration:

* **Issuer**

For **Development** purposes please utilise the UAT environment URI available below:

{% code overflow="wrap" %}

```url
https://auth.uat.industryapps.net/auth/realms/IndustryApps
```

{% endcode %}

For **Production**, please utilise the environment URI available below:

```
https://auth.industryapps.net/auth/realms/IndustryApps
```

* **ClientID**

Each Application which utilises Single Sign-on will be provided a dedicated ClientID during onboarding which acknowledges access.

* **Redirect URI**

The application will require a redirect URI to navigate back after authentication has been completed. The structure of the URI should be implemented as seen below.

***Development:***

```
https://democustomer.uat.industryapps.net/<APPCODE>/
```

***Deployment:***

```
https://democustomer.industryapps.net/<APPCODE>/
```

Deployment will contain the environment URI of the platform customer portal instead of the demo-customer portal.&#x20;

### Optional

**Client Secret**

If your application is currently utilizing an identity and access management service provider which requires a client secret, use the client secret code available on your Platform Dashboard. **By default it is not required.**

<figure><img src="/files/F8hl4As8JZTLzD7IFRKx" alt=""><figcaption><p><strong>Applications > My_APP > App Information</strong></p></figcaption></figure>

**Metadata URL**

In cases such as an identity provider requiring a `.well-known/openid-configuration` URL please use the following credential:

For **development** purposes please utilise the UAT environment URI available below:

```
https://auth.uat.industryapps.net/auth/realms/IndustryApps/.well-known/openid-configuration
```

For **deployment**, please utilise the environment URI available below:

```
https://auth.industryapps.net/auth/realms/IndustryApps/.well-known/openid-configuration
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.industryapps.net/authentication/single-sign-on.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.