FAQ: Single Sign-On (SSO)

You asked, we listened! Check out our new SSO FAQ for the latest updates. We’re still in active development, so expect even more improvements in the long term

General SSO Support

• What SSO providers are currently supported by Peplink ID? Peplink ID supports authentication via Google, Apple, Microsoft (including Entra ID), and Okta.

• How do I request a custom SSO integration? Rather than a general solution, Peplink focuses on specific application requirements. You should create a support ticket detailing your specific requirements to initiate this process.

• Can I use SAML with ICVA? No, ICVA does not currently support SAML.

Okta Integration

• Does Peplink ID support Okta? Yes. Okta integration is available for enterprise organizations. Because this requires backend configuration by our engineering team, you must open a support ticket with Peplink to begin the process.

• Where is the Okta login button? There is no “Login with Okta” button on the Peplink ID landing page. The system uses Service Provider Initiated (SP-Init) SSO:

  1. The user enters their email address on the standard Peplink ID login page.
  2. The system identifies the domain (e.g., @yourcompany.com).
  3. The user is automatically redirected to your organization’s specific Okta sign-in page.

• How do I set up the Okta integration? Please follow these steps:

Step 1: Create the Application in Okta

Your organization’s Okta administrator must create a new Application Client specifically for Peplink ID within your Okta Admin Console.

Step 2: Provide Initial Credentials to Peplink

Once the application is created, provide the following details in your Peplink support ticket:

• Okta Account URL (e.g., https://yourcompany.okta.com)
• Application Client ID

Step 3: Configure Redirect URIs

After Peplink registers your Okta instance as a trusted Identity Provider (IdP), the support team will provide you with two specific URLs. You must enter these into your Okta Application Client settings to finalize the handshake:

1. Sign-in Redirect URI: Tells Okta where to send the user after a successful login.
2. Sign-out Redirect URI: Ensures the user is properly disconnected from Peplink ID when logging out.

Note 1: The integration will not function until these URIs are correctly saved within your Okta console.

Note 2: Upon activation of the Okta integration, Peplink will clear all existing local passwords for accounts under your organization’s domain to ensure users authenticate exclusively through SSO. Only designated “breakglass” (emergency) accounts will retain their local passwords. These accounts support up to 255 characters to ensure maximum security in the event of an SSO outage.

Microsoft Entra ID (Azure AD)

• How do I use Microsoft Entra ID with Peplink ID? Users can use the existing “Continue with Microsoft” button. This requires creating a client application for Peplink ID within your Microsoft environment and granting permissions for Peplink ID to authenticate and access the profile scope.

• Does ICVA support Microsoft Entra ID? Yes, ICVA supports Entra ID (formerly Azure AD) for user authentication.

• Can I manage user permissions on InControl/ICVA via Entra ID? No. InControl and ICVA support using Entra ID for user authentication, but not authorization. . All user roles and permissions must be configured and managed locally within the InControl/ICVA platform.

• What are the required settings for ICVA Azure AD integration? Within the ICVA Authentication Settings, you must provide the Azure AD Client ID and Azure AD Client Secret. The Azure AD Tenant ID is optional.

API and Account Management

• How should I set up an account for API access? You must create a Peplink ID using an email address for your API account to ensure it is not added to a suppression list.