
NinjaOne Identity Access Management: Configure Single Sign-On

Topic

This article explains how to configure single sign-on (SSO) in NinjaOne for a new identity provider (IdP).

Environment

  • SSO
  • NinjaOne Integrations

Description

You can use SSO to configure SAML (Security Assertion Markup Language) to access NinjaOne directly from your preferred provider portal. Use unique entity IDs to implement the same identity provider for SAML and SCIM (System for Cross-domain Identity Management).


Important Considerations About Generic SSO Implementation

SAML allows technicians to access the NinjaOne application using SSO with their preferred provider. SAML can be used with both the standard and branded NinjaOne web application, which supports multiple IdPs.

You may use any IdP that supports SAML 2.0, and we provide user guides for configuring specific IdPs such as Duo, Okta, and Microsoft Azure, to name a few. You can access these guides at Security Assertion Markup Language (SAML) – NinjaOne Dojo.

For generic SSO implementation, you will need the Unique User Identifier (UUID) attribute for each user. The UUID attribute must match the value of your NinjaOne username, which is an email address. The SAML response or assertion must include necessary information, such as whether the session is valid, how long it remains valid, and other security specifications.

By default, NinjaOne uses the UUID attribute to match a NinjaOne user to their IdP account. If the UUID attribute value does not match the NinjaOne username (email address), consider updating the UUID or Name ID to user.mail, user.othermail, or any attribute that will match an account’s NinjaOne username.
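Before you enable a provider, you can inspect a test assertion from your IdP to confirm which value it sends for the matching attribute and whether its validity window is present. The following is an added example, not NinjaOne code: it assumes the IdP emits the identifier as a SAML attribute named UUID, and the sample assertion and the attribute names mail and othermail are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from a real IdP). Attribute names other than UUID are made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>jdoe@corp.example</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z"/>
 <saml:AttributeStatement>
  <saml:Attribute Name="UUID"><saml:AttributeValue>jdoe@corp.example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="mail"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="othermail"><saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, ninja_username, now, match_attr="UUID"):
    """Pre-flight diagnostic only: it does NOT verify the XML signature."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("SAML messages carry no DTD; refusing to parse")
    root = ET.fromstring(xml_text)
    values = {"NameID": [root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()]}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values[attr.get("Name")] = [(v.text or "").strip()
                                    for v in attr.iterfind("saml:AttributeValue", NS)]
    exact = sorted(k for k, vs in values.items() if ninja_username in vs)
    # Case-only differences are reported separately: the article does not say
    # whether the username comparison is case-sensitive.
    case_only = sorted(k for k, vs in values.items() if k not in exact
                       and ninja_username.lower() in (v.lower() for v in vs))
    cond = root.find(".//saml:Conditions", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    return {
        "match_attr_ok": match_attr in exact,   # does the matching attribute carry the username?
        "exact_match": exact,                   # fields whose value equals the username
        "case_only_match": case_only,           # fields that differ only by letter case
        "within_validity": bool(nb and noa) and _ts(nb) <= now < _ts(noa),
    }

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 2, tzinfo=timezone.utc)
    print(check_assertion(SAMPLE, "jane.doe@example.com", now))
```

In the constructed sample the UUID attribute does not carry the NinjaOne username while another attribute does, which is the situation where the UUID or Name ID mapping needs to be updated in the IdP.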

Set Up SSO in NinjaOne

You can add multiple SSO configurations and IdPs to a single instance of NinjaOne.

  1. Navigate to Administration → Accounts → Identity Provider. Select Add Provider.

Figure 1: Add a security provider in NinjaOne

  2. Enter a unique identifier for the Display name. This can be the email domain that uses this integration.
  3. For What email domains will authenticate using this integration?, enter all characters following the @ in the target email domains.
  4. Copy the Reply URL and identifier data from NinjaOne, and paste them into the appropriate fields in the SSO provider's settings. You can find examples for specific providers in the Additional Resources section of this article.

Figure 2: Copy the data requested by the IdP

  5. Copy the metadata from your IdP and paste it into the Import metadata from field. You can use a URL, file, or XML data; select the applicable option from the drop-down to the left of the text field.
  6. For more information about the Enable conditional NinjaOne MFA bypass option, refer to Skip Multi-Factor Authentication (MFA).
  7. Test and establish the connection.
  8. After testing the connection, you may be prompted to log in. When the test succeeds, click Save, and on the resulting page, click Enable. Single sign-on will now be active.

Enable SSO for NinjaOne Technicians and End Users

To use SSO in NinjaOne, select Single sign-on as the Authentication Type value for each technician in NinjaOne for whom it should be active. You can find more information at End User Sharing and Device Access.

  1. Navigate to Administration → Accounts → Technicians or End Users. Find the technician or end user for whom you wish to enable SSO and open the account configuration page.
  2. In the General section, open the Security tab.
  3. Select "Single Sign On" from the Authentication Type drop-down list.

Figure 3: Enable SSO for a technician or end user

  4. To apply this change, click Save. Repeat this process for each technician for whom you would like to enable SSO.

Disable SSO

To disable SSO as a provider:

  1. Navigate to Administration → Accounts → Identity Provider.
  2. Move your cursor over the IdP and click the ellipsis menu button. Select Disable SSO.

Figure 4: Disable SSO for an IdP

To disable SSO for a single end user or technician:

  1. Open the account configuration page. In the General section, open the Security tab.
  2. Select a new option from the Authentication Type drop-down menu.

Additional Resources

To learn more about NinjaOne's identity services, refer to Identity Authentication and Management: Resource Catalog.
