Skip to main content
System StatusContact Support Agility Community

Continuum Single Sign-On (SSO) Configuration


Continuum 19.1 and later versions support integration with SAML compliant external user authentication tools such as Okta, Centrify, OneLogin, and Ping Identity.

SAML is an XML-based open standard developed by OASIS Security Services Technical Committee. It defines a framework to perform web browser SSO using secure tokens for exchanging security information between web applications. For more information about SAML, its concepts and components, see

Set up SAML Authentication for Continuum Users

Setting up Continuum to use SAML compliant external authentication is a two-step process:

  • Set up Continuum as a Service Provider (SP) with the SAML compliant IdP such as Okta, Centrify, OneLogin or Ping Identity. 
  • Enable SSO in Continuum and configure Continuum to use the SAML compliant IdP for authentication.

Of these two steps, setting up Continuum as a Service Provider with the IdP is out of scope of this topic. However, this topic includes instructions on how to get the Continuum metadata that's required to configure Continuum as a Service Provider with the IdP.

Get the Continuum Metadata

  1. Once you have Continuum installed, log on to Continuum as an Administrator. 
  2. Click the Administration icon ( ctm02.png ) at the top right and select System > Settings from the menu.
  3. Select the SSO tab.
  4. Click Get Metadata.


  1. Save the XML file for later use when you register Continuum as a Service Provider with the SAML IdP.


Enable and Configure SSO in Continuum

  1. With the Continuum metadata at hand, make sure you have configured Continuum as a Service Provider with the SAML IdP. 
  2. Log on to Continuum as an Administrator. 
  3. Click the Administration icon ( ctm02.png ) at the top right and select System > Settings from the menu.
  4. Select the SSO tab.


  1. If you have the IdP metadata XML file, you can import the same by clicking Import IdP XML. Otherwise, you can fill in the fields manually.


Click Upload, browse and select the IdP XML file to import the IdP's metadata. 

You can also copy and paste the configuration XML code in the text box. 

When done, click Validate and Save.

  1. If you do not have the IdP configuration XML file, enter the details for the fields such as the IdP Entity ID, IdP SSO URL, and IdP X509 Certificate. The Service Provider Entity IdAssertion Consumer Service URL (HTTP-POST) and Name ID format fields are auto-filled.
  1. Click Enable SSO.
  2. Click Test Connection and make sure the connection is successful.
  3. Click Save.

This concludes the SSO configuration.

From this point, clicking Sign-in from the Continuum log-on page takes the users to the organization's SSO page.

Configure the IdP's Directory Service Field to Supply the Username 

Continuum uses email ID as the key to identifying user accounts. As a result, user authentication may fail if your IdP does not include the email ID in its SAML response. In such cases, you must make sure that your IdP's response includes the email ID (by mapping the Directory Service Field appropriately).

For example, you must map "mail" as the Directory Service Field to supply the username in Idaptive's Centrify.



Disable SSO

To disable SSO:

  1. Click the Administration icon ( ctm02.png ) at the top right and select System > Settings from the menu.
  2. Select the SSO tab.


3. Click Disable SSO.

   A confirmation message appears.


4. Click Continue.

If you are not able to log on to Continuum after enabling SSO, log on via a shell to the Continuum server and run the following command to disable SSO.