What is SSO?
Single Sign-On (SSO) lets your employees log into Juno using their existing company credentials — no separate Juno password needed. Juno supports SAML 2.0 SSO with any compatible identity provider.
Supported providers
Juno works with any SAML 2.0 identity provider, including:
- Okta
- Microsoft Azure AD / Entra ID
- Google Workspace
- OneLogin
- Any SAML 2.0 compliant IdP
How it works for users
- Navigate to your organization’s Juno URL
- Click Sign in with SSO (or your provider name)
- You’re redirected to your company’s identity provider
- Authenticate with your company credentials
- You’re redirected back to Juno — logged in
No separate password needed. Your Juno account is linked to your company identity.
Setting up SSO (admins)
Configure SSO at Admin → Security → SSO Settings:
- Get your IdP metadata — download SAML metadata from your identity provider
- Configure in Juno:
- Entry Point — your IdP’s SSO URL
- Certificate — IdP’s signing certificate (PEM format, without headers)
- Issuer — Juno’s entity ID (provided to your IdP)
- Callback URL — where the IdP sends the SAML assertion back
- Set attribute mapping — map IdP fields to Juno fields (email, first name, last name)
- Test — try logging in with a non-admin account before rolling out
Auto-provisioning
When SSO is configured with allowed email domains, new users who authenticate via SSO are automatically provisioned in Juno with the default Learner role. No manual account creation needed.
Troubleshooting
For SSO login failures, see Login Issues.Last modified on March 26, 2026
