Sso And Domain Settings
Verified domain, IdP metadata, and the enforce switch with its full consequence.
Verified domain, IdP metadata, and the enforce switch with its full consequence.
The Application Collection unlocks the source for every Application block. All Access unlocks every Collection.
Already purchased? Log in
Sso And Domain Settings is a three section ruled panel for identity configuration. The first section shows the verified domain acme.com with a Verified badge, the DNS TXT record in monospace (acme-verify=7f3k2m9qx81v4d0c), and the note that the record is rechecked weekly and unverified if it disappears. The second section holds the IdP metadata URL input pre-filled with the Okta SAML endpoint, with a note that signing certificates are fetched daily so IdP-side rotations need no action. The third section is the Enforce SSO switch: its description states the full consequence, password sign in disables for everyone including admins, existing sessions survive up to 14 days, so a broken IdP blocks new sign ins only.
Domain state is a single const, IdP metadata is a defaultValue on the Input. The enforcement consequence is the content; the switch label alone would be incomplete.
Reach for this block on the security or authentication settings page, visible to owners only. Wire the Add domain button to a dialog that walks through DNS verification. Wire the Save button on the IdP URL to PATCH /sso/config. Wire the Enforce SSO switch to PATCH /sso/config with enforced: true, gated behind a test sign in confirmation flow.
A natural flow around it on an Application Pro page:
Before
After
One strong use is the workspace SSO and domain panel. Other identity settings panels:
Tip: state the enforcement consequence under the switch, not in a tooltip; consequences users cannot see without hovering become support tickets.