Single Sign-on (SSO)

For on-premise customers only, Lilt supports Single Sign-on (SSO), which allows you to authenticate to the Lilt platform using an identity provider other than Lilt.

Currently, user accounts must pre-exist in the Lilt system before SSO can be used to authenticate a user. 

Google SSO

Lilt platform users can sign in via their Google account. 

After being invited to join Lilt by someone in your organization, you can create an account using Google Sign-in. 

Users with existing Lilt accounts that use traditional username/password sign in can access their accounts and all their data using Google Sign-in with an email address that matches their existing account. Users may use both sign-in methods interchangeably.

OpenID Connect

• OpenID Connect (OIDC) authentication is available only for on-premise installations of Lilt.
• Lilt must be registered as a client with your OIDC provider before installation. Client key, secret and configuration parameters need to be configured during installation. Those parameters will be set by your systems administrator under the front:config:SSO property in the helm values file.
• A Lilt installation can support only one OIDC configuration at a time.
• After configuration, OIDC authentication can be used to authenticate existing Lilt accounts and their data.
• To create new user accounts, users must first be invited by email using the “New member” screen in the Lilt Organizations tab. After being invited, new users sign in using the SSO sign in button on the sign in page.
• The integration supports encryption with the OpenID provider via HTTPS but does not additionally encrypt the OpenID payload.
• OpenID support has currently been tested with the following two signing algorithms: SHA256 and HS256.