For self-managed customers only, Lilt supports Single Sign-On (SSO), allowing users to sign in to Lilt using an identity provider other than Lilt. Organizations can utilize SSO to simplify account management and reduce password fatigue.

Currently, a user account must pre-exist in the Lilt system before SSO can be used to authenticate the user.

Google SSO

Lilt Platform users can sign in via their Google account.

After being invited to join Lilt by someone in your organization, you can create an account using Google Sign-On.

Users with existing Lilt accounts that use traditional username/password sign in can access their accounts and all their data using Google Sign-On with an email address that matches their existing account. Users may use both sign-in methods interchangeably.

OpenID Connect

Configuration

  • Lilt must be registered as a client with your OpenID Connect (OIDC) provider before installation. Client key, secret, and configuration parameters need to be configured during installation. Those parameters will be set by your systems administrator under the front:config:SSO property in the helm values file.

  • A Lilt installation can support only one OIDC configuration at a time.

  • OpenID support has currently been tested with the following two signing algorithms: SHA256 and HS256.

  • The integration supports encryption with the OpenID provider via HTTPS but does not additionally encrypt the OpenID payload.

Usage

  • After configuration, OIDC authentication can be used to authenticate existing Lilt accounts and their data.

  • To create new user accounts, users must first be invited by email using the “New member” screen in the Lilt Organizations tab. After being invited, new users can sign in using the SSO button on the sign-in page.