SSO integration

Lens paid subscription feature

Lens Control Center enables you to configure single sign-on (SSO) to the Lens platform through your identity provider (IDP). Lens supports SAML and OIDC authentication standards.

Configure SSO

To configure SSO:

1. As a Lens Business ID administrator, navigate to Control Center > Single Sign-On.

2. Provide the IDP with the following URLs:

   URL	Description
   Assertion Consumer Service URL	The endpoint on the Lens side to which the IDP redirects with the authentication response
   Service Provider Entity ID	A URL that identifies Lens as a service provider

3. If the IDP administrator provided you with configurations, click the following buttons to complete the automatic setup:

   SAML integrationOIDC integration

   Import metadata

   Import configuration

4. Optional. Contact the IPS administrator to obtain the following parameters and specify them manually:

   SAML integrationOIDC integration

   Parameter	Description
   SSO Certificate	A public key certificate issued by the IDP
   Single Sign-On Service URL	The IDP service endpoint for authentication requests
   Identity Provider Entity ID	The URL that identifies IDP

   Parameter	Description
   Client ID	The public Lens identifier within the IPS system
   Client Secret	The confidential Lens identifier within the IPS system
   Authorization URL	The authorization request link
   Token URL	The URL that contains the authentication token
   JWKS URL	The URL to the cryptographic key
   User Info URL	The endpoint with the user information
   Logout URL	The URL of the page to which users redirect after logging out of Lens

5. Navigate to Profile and note Business ID. This is the unique identifier that represents your Lens Business ID in Lens applications and other services.

Log in with SSO

You can log in to your Lens Business ID using the IDP service or Lens ID Portal

1. On the Lens login page, select Login with SSO.
2. Type the Business ID of your company in the Business ID input field.