Skip to main content
Skip table of contents

Single Sign On (SSO)

To make access to Hexagon GeoCloud more seamless and secure, we now offer support for Single Sign-On (SSO). This allows users in your organization to log in using their existing company credentials through a supported identity provider.

We currently support OIDC (OpenID Connect). Any identity provider that supports this protocol can be integrated with our application. Please note that other protocols such as SAML are not yet supported.

If your organization is interested in enabling SSO, please note that a purchased and activated subscription is required before SSO can be enabled. Once your subscription is active, you can request access by following the instructions provided in this link: SSO Sign up request.

While GeoCloud supports SSO, the application does not natively include Multi-Factor Authentication (MFA).

To enable MFA as part of your SSO integration, ensure your identity provider enforces MFA. Your identity provider will then handle MFA as a first step before sign-on authentication is passed to the GeoCloud system.

For details on SSO login see Login and authorisation.

Admin SSO setup checklist

A step-by-step path from initial request through to SSO fully rolled out.

  • 1. Request SSO — Contact your Customer Success Manager to confirm eligibility and obtain the SSO request form. CS will also send links to the configuration and rollout guides. → SSO sign up request
  • 2. Configure your identity provider — Choose your company alias, set up the OIDC application in your IdP (Microsoft Entra or another OIDC provider), and record the metadata document URL, Client ID, and Client Secret. → How to configure your OIDC SSO
  • 3. Submit and await activation — Submit the completed form to Hexagon. Activation typically takes around 2 weeks from form submission until SSO is ready to test. You'll be notified when SSO is active.
  • 4. Set up your own SSO admin user — Log in via SSO, promote your SSO user to Admin, transfer your own projects (if any), and delete your legacy account. → Set up your SSO admin account · Moving project ownership to SSO user
  • 5. Roll out SSO to your team — Migrate the rest of your team: coordinate project transfers if needed, remove legacy accounts, notify each affected user. → Roll out SSO to your team
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close