Organization Owner access is required in PlayerZero to configure SSO. Admin access to your identity provider is also required to create application registrations and configure authentication settings.

Basic Setup Guide

Prerequisites

  1. A PlayerZero organization with Owner permissions
  2. Admin access to your identity provider to:
    • Create application registrations
    • Configure OAuth/OIDC settings
    • Assign user permissions

Choose Your Identity Provider

Follow the section below that matches your identity provider:

Microsoft Entra ID Setup

  1. Create Entra ID Application Registration
    1. Navigate to Azure Portal → Azure Active Directory → App registrations
    2. Click “New registration” and configure:
      • Name: PlayerZero SSO
      • Supported account types: Accounts in this organizational directory only
      • Redirect URI:
        • Type: Web
        • Value: https://[your-playerzero-domain]/api/auth/sso
    3. Note the Application (client) ID from the Overview page
    4. Create a client secret in Certificates & secrets
    5. Add Microsoft Graph permissions:
      • openid — Sign users in
      • email — Read user email
      • profile — Read user profile
  2. Configure SSO in PlayerZero
    1. Navigate to Settings → SSO Configuration in your PlayerZero dashboard
    2. Click “Add SSO Configuration”
    3. Enter your Entra domain:
      • Format: login.microsoftonline.com/[tenant-id] or [tenant].microsoftonline.com
      • Example: contoso.microsoftonline.com
    4. Click “Fetch from Well-Known” to auto-populate endpoints
    5. Enter your Client ID and Client Secret from step 1
    6. Verify the auto-populated settings:
      • Authorization Endpoint: https://login.microsoftonline.com/[tenant]/oauth2/v2.0/authorize
      • Token Endpoint: https://login.microsoftonline.com/[tenant]/oauth2/v2.0/token
      • Scopes: openid email profile
  3. Test and Deploy
    1. Click “Test Connection” to verify the configuration
    2. Complete authentication in the popup window
    3. After a successful test, click “Save Configuration”

Google Workspace Setup

  1. Create Google OAuth Application
    1. Go to Google Cloud Console → APIs & Services → Credentials
    2. Create OAuth 2.0 Client ID:
      • Application type: Web application
      • Name: PlayerZero SSO
      • Authorized redirect URIs: https://[your-playerzero-domain]/api/auth/sso
    3. Note the Client ID and Client Secret
  2. Configure SSO in PlayerZero
    1. Navigate to Settings → SSO Configuration in your PlayerZero dashboard
    2. Click “Add SSO Configuration”
    3. Enter your Google domain: accounts.google.com
    4. Click “Fetch from Well-Known” to auto-populate endpoints
    5. Enter your Client ID and Client Secret from step 1
    6. Verify the auto-populated settings:
      • Authorization Endpoint: https://accounts.google.com/o/oauth2/v2/auth
      • Token Endpoint: https://oauth2.googleapis.com/token
      • Scopes: openid email profile
  3. Test and Deploy
    1. Click “Test Connection” to verify the configuration
    2. Complete authentication in the popup window
    3. After a successful test, click “Save Configuration”

Okta Setup

  1. Create Okta Application
    1. Sign in to your Okta Admin Console
    2. Navigate to Applications → Applications
    3. Click “Create App Integration”:
      • Sign-in method: OIDC - OpenID Connect
      • Application type: Web Application
    4. Configure the application:
      • App integration name: PlayerZero SSO
      • Sign-in redirect URIs: https://[your-playerzero-domain]/api/auth/sso
      • Controlled access: Assign to appropriate groups/users
    5. Note the Client ID and Client Secret
  2. Configure SSO in PlayerZero
    1. Navigate to Settings → SSO Configuration in your PlayerZero dashboard
    2. Click “Add SSO Configuration”
    3. Enter your Okta domain: [your-org].okta.com
    4. Click “Fetch from Well-Known” to auto-populate endpoints
    5. Enter your Client ID and Client Secret from step 1
    6. Verify the auto-populated settings:
      • Authorization Endpoint: https://[your-org].okta.com/oauth2/v1/authorize
      • Token Endpoint: https://[your-org].okta.com/oauth2/v1/token
      • Scopes: openid email profile
  3. Test and Deploy
    1. Click “Test Connection” to verify the configuration
    2. Complete authentication in the popup window
    3. After a successful test, click “Save Configuration”

Auth0 Setup

  1. Create Auth0 Application
    1. Sign in to your Auth0 Dashboard
    2. Navigate to Applications → Applications
    3. Click “Create Application”:
      • Name: PlayerZero SSO
      • Application Type: Regular Web Applications
    4. Configure the application settings:
      • Allowed Callback URLs: https://[your-playerzero-domain]/api/auth/sso
      • Allowed Web Origins: https://[your-playerzero-domain]
    5. Note the Client ID and Client Secret from the Settings tab
  2. Configure SSO in PlayerZero
    1. Navigate to Settings → SSO Configuration in your PlayerZero dashboard
    2. Click “Add SSO Configuration”
    3. Enter your Auth0 domain: [your-tenant].auth0.com
    4. Click “Fetch from Well-Known” to auto-populate endpoints
    5. Enter your Client ID and Client Secret from step 1
    6. Verify the auto-populated settings:
      • Authorization Endpoint: https://[your-tenant].auth0.com/authorize
      • Token Endpoint: https://[your-tenant].auth0.com/oauth/token
      • Scopes: openid email profile
  3. Test and Deploy
    1. Click “Test Connection” to verify the configuration
    2. Complete authentication in the popup window
    3. After a successful test, click “Save Configuration”
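
The “Verify the auto-populated settings” step in each provider section above can also be checked outside the UI. The following is an added example, not PlayerZero code: it compares an OpenID Connect discovery document (the JSON served at /.well-known/openid-configuration) against the endpoints and scopes this guide lists, using a constructed sample built from the Google values. The function name and the rule that the issuer host equals the entered domain are assumptions.

```python
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes listed in this guide

# Constructed sample discovery document, built from the Google values in this guide.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://accounts.google.com",
  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "token_endpoint": "https://oauth2.googleapis.com/token",
  "scopes_supported": ["openid", "email", "profile"]
}""")


def check_discovery(doc, entered_domain, expected_auth, expected_token):
    """Return a list of problems; an empty list means the settings match."""
    problems = []
    # Assumption: the issuer is served over https from the host that was entered.
    issuer = urlsplit(doc.get("issuer", ""))
    want_host = urlsplit("https://" + entered_domain).hostname
    if issuer.scheme != "https" or issuer.hostname != want_host:
        problems.append(f"issuer {doc.get('issuer')!r} does not match {want_host}")
    for key, expected in (("authorization_endpoint", expected_auth),
                          ("token_endpoint", expected_token)):
        value = doc.get(key, "")
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key} is not an absolute https URL: {value!r}")
        elif value != expected:
            # Compare against the documented value, not the entered domain: a
            # token endpoint may sit on another host (Google's does).
            problems.append(f"{key} is {value!r}, expected {expected!r}")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY, "accounts.google.com",
                          "https://accounts.google.com/o/oauth2/v2/auth",
                          "https://oauth2.googleapis.com/token"))
```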

Token Management

  1. Automatic Token Refresh
    1. PlayerZero automatically manages token refresh cycles
    2. Refresh tokens are handled transparently
    3. Token expiration is configurable (default: 3 days)
  2. Configuration Updates
    1. Test configuration changes before saving
    2. Users may need to re-authenticate after major changes
    3. Monitor the Settings → SSO Configuration section for connection status

Security Considerations

  1. Monitor SSO usage through your identity provider’s audit logs
  2. Implement appropriate conditional access policies in your identity provider

These configurations let PlayerZero provide centralized authentication while security and access control remain with your organization’s identity management system.