SSO (Single Sign-On) Setup for Sphere Enterprise
Overview
The following article provides instructions on how to set up a SSO (Single Sign-On) connection to an existing FARO® Sphere Enterprise subscription.
SSO Benefits
- Users don’t need an additional password. Having to manage a password for every cloud service can be tiresome for users.
- Some IT departments review the password policy or password expiration of each cloud service. By using SSO, customers can benefit from existing security measures that they have set up within their own login provider, including multi-factor authentication.
- Whenever employees leave the company, their login can be deactivated from a central location for all SSO-enabled cloud services. This eliminates the need to manually deactivate the Sphere login of former employees.
Prerequisites
- A single sign-on provider which supports the OpenID Connect or SAML 2.0 protocol. Azure AD is also supported
- A workspace with the Sphere Enterprise subscription
- The current user has the “manage-users” permission within the same workspace. Note: The owner of a workspace always has this permission.
Setup
Before proceeding, verify the requirements within the Prerequisites section above.
- Login to your Sphere Enterprise workspace using your current login credentials.
- Click the Settings Icon
at the top right of the screen (or go to: https://www.farosphere.com/home/settings).
- Click on the “Single Sign-On” tab. Note: The “Before you get started” section on top of the page also explains the process.
- Depending on the connection protocol you are using, enter the connection details as follows:
Connection via OpenID Connect Protocol (preferred):
Connection via SAML 2.0 Protocol or Azure AD:
Usage
Once SSO is fully set up, your company’s users can use SSO by entering their email address on the Sphere login form. On the usual login form with email and password, the password field will disappear, and the “Log In” button will redirect the user to your SSO provider.
On their first login, SSO users don’t need to use the “Sign Up” tab on the login page, but can directly proceed with the login.
Login form for regular Sphere users:![]() |
Login form for SSO users:![]() |