SSO General Settings
  • 14 Oct 2025

Introduction

Setting up Single Sign-On (SSO) can vary depending on the protocol, but there are several core settings that remain consistent across both SAML and OIDC configurations. In this article, we’ll explore the common foundational elements of SSO setups, helping you streamline integration regardless of the protocol you choose.

Sign-In Overrides during SSO experience

Configure additional sign-in overrides to allow users to sign in with alternate user and/or device verification mechanisms.

A. Allow access based on management state of device and skip logged in user verification

This setting bypasses user verification when granting access to SSO applications on a managed device. It allows administrators to control access based on the device's management state without requiring the user to be re-verified. When enabled, agents will receive a device-based OTP in addition to the user-based OTP, if applicable.

This option is beneficial in shared, company-owned device scenarios where SSO configurations are applied and multiple users access the same device.

Prerequisites

  1. Users should be added to the Scalefusion dashboard and migrated to OneIdP.

  2. Users should be assigned to an SSO configuration.

Settings

  1. Navigate to OneIdP > SSO Configurations > click General Settings.

  2. Select the option “Allow access based on management state of device and skip logged in user verification”.

  3. Select the platform(s) where this setting should be applied.

Note:

By default, Android and iOS platforms are unchecked.

User experience

  1. Users can log in to the same device and access their SSO-enabled applications. A device-based OTP is used during the SSO login process, allowing secure and seamless access tied to the managed device.

  2. If no user is assigned to the device, a OneIdP OTP will be displayed in the Scalefusion Authenticator app on the device.

  3. If a user is assigned to the device, a user-based OTP will be displayed in the Scalefusion Authenticator app on the device. However, other users will also be able to access their SSO-enabled applications on the device, since the access will be based on the device's management state rather than user verification.

Note:

If the 'Skip Password on Scalefusion Managed Device' option is enabled in the SSO configuration, only the user assigned to the device and signed in will be able to access applications without a password. All other users will be required to enter their password to log in to their applications.

B. Allow access based on OTP sent on registered mobile number

If OTP-based access is enabled for any SSO application, activate this setting to allow users to receive an OTP on the phone number specified in the User Enrollment section before setting up an authenticator app or enrolling a managed device.

Prerequisites

  1. A phone number is added for each user in the User Enrollment section.

  2. In the Directory settings, navigate to the relevant domain settings and enable “MFA using a third-party authenticator app” under the Multi-factor Authentication section.

  3. The SMS service provider details—Twilio, in this case—must be configured under Utilities > Global Settings > General Settings > SMS Service Provider Settings.

  4. Ensure that the “Allow users to access by setting up MFA using third party authenticator app or OTP sent on email.” option is selected under Conditional Access Settings in the relevant SSO Configuration.


Settings

  1. Navigate to OneIdP > SSO Configurations > click General Settings.

  2. Select the option “Allow access based on OTP sent on registered mobile number” under Sign-In Overrides during SSO experience.

    1. Select “Number of times user can request OTP before requiring to setup Authenticator or managing the device” and set how many times a user can request an OTP. You can set a value between 0 and 20.

  3. Click Save.

Note:

If the user exceeds the allowed number of OTP requests, they will be prompted to set up a third-party authenticator instead.

User Experience

  1. When a user attempts to access an application or service from an unmanaged device, they will be redirected to the OneIdP login screen, where they must enter their email ID and password.

  2. They will see the following screen. Click Complete Sign in.

  3. Scalefusion will perform a compliance check, after which users will be presented with the following screen.

  4. Click Send SMS on Phone Number.

  5. The user must enter the correct registered phone number along with the appropriate country code to receive the OTP.

  6. At this step, the user must enter the OTP received on their registered phone number.

  7. Once done, they will be able to log in.

