---
title: "Setting up single sign-on"
date: "2024-02-14T06:18:38+00:00"
summary: "Streamline user access with single sign-on for Drupal sites on Site Factory. Learn how to set up SAML or OpenID authentication, configure modules, and integrate with identity providers for seamless login experiences."
image:
type: "page"
url: "/site-factory/setting-single-sign"
id: "c2b04e28-6739-40db-97ee-f7e12b56ae1d"
---

Site Factory supports single sign-on (SSO) for websites running all supported versions of Drupal. Applications running the [current Drupal version](/service-offerings/guide/software-life-cycle#supported-drupal-version) on Site Factory use Security Assertion Markup Language (SAML) for SSO, while [Drupal 7 websites use OpenID](/site-factory/manage/login-mode).

Setting up SSO for websites running the current Drupal version
--------------------------------------------------------------

Applies to websites running the [current Drupal version](/service-offerings/guide/software-life-cycle#supported-drupal-version) hosted on Site Factory. For SSO in Drupal 7 websites, see [Specifying login authentication mode](/site-factory/manage/login-mode).

Setting up SSO for websites running the [current Drupal version](/service-offerings/guide/software-life-cycle#supported-drupal-version) hosted on Site Factory enables users to sign in to those websites by using the [actions menu](/site-factory/manage/website) in the Site Factory Management Console.

Using SSO requires a SAML service provider, either Cloud Platform or an external provider. Although you can use any SAML service provider compatible with your codebase running the [current Drupal version](/service-offerings/guide/software-life-cycle#supported-drupal-version), Site Factory directly supports the use of the [SAML Authentication](https://www.drupal.org/project/samlauth) module (version 8.x-2.x or 8.x-3.x). Site Factory doesn’t recommend to use SAML Authentication module version 8.x-3.3.

To configure SSO for your Site Factory platform, select one of the following methods:

*   [Installing the SAML Authentication module](#acsf-install-saml-module)
    
*   [SimpleSAMLphp and Site Factory](#acsf-simplesaml)
    

Important

*   Site Factory supports the use of the SAML Identity Provider (IdP) integrated into the Site Factory Management Console, or an external IdP, _but not both_. If you choose an external IdP, you cannot sign in to websites with the **Log in** option from a website’s actions menu.
    
*   If you do not use the [SAML Authentication](https://www.drupal.org/project/samlauth) module to connect to your SAML service provider, you cannot use [centralized role management](/site-factory/manage/users/admin).
    
*   If your SSO solution requires your users to sign in through an external Identity Provider (IdP), bypassing the Site Factory Management Console, Acquia recommends an Acquia Professional Services engagement.
    

### Installing the SAML Authentication module

Complete the following steps to use the [SAML Authentication](https://www.drupal.org/project/samlauth) module with SSO:

1.  For applications running the [current Drupal version](/service-offerings/guide/software-life-cycle#supported-drupal-version), download and add the following modules to your codebase:
    
    *   [External Authentication](https://www.drupal.org/project/externalauth)
        
    *   [Site Factory Connector](https://www.drupal.org/project/acsf), version 8.x-1.35 or later
        
    *   [SAML Authentication](https://www.drupal.org/project/samlauth), version 8.x-2.0-alpha1 or later
        
2.  Add the modules from the previous step to your installation profile, along with the `acsf_sso` module packaged with the Site Factory Connector module.
    
3.  Commit your changes back to your repository.
    

You can now use SSO with your Site Factory-hosted websites.

### Configuring authentication values

When installing the Site Factory SSO module or [staging your websites for testing](/site-factory/workflow/staging), Site Factory changes the `samlauth.authentication` configuration value to sign your users in to the appropriate staged or live websites.

Do not change the values for `samlauth.authentication` in active configuration from those set by Site Factory. For instance, ensure you do not import stale or incorrect values for `samlauth.authentication` from configuration files stored in your codebase when installing or staging a website.

Modifying `samlauth.authentication` in active configuration may cause sign-in attempts to fail, or to sign users in to an environment other than the one you intended.

### SimpleSAMLphp and Site Factory

Implementing SSO with the [simpleSAMLphp Authentication](https://www.drupal.org/project/simplesamlphp_auth) module for use with the `acsf_sso` module (packaged with the Site Factory Connector module), requires an Acquia Professional Services engagement.

During your Professional Services engagement, after Acquia provides you with the Service Provider (SP) data, you will perform the following actions:

*   Install the Service Provider (SP) metadata with your IdP.
    
*   Collaborate with Acquia to test your SimpleSAMLphp configuration.
    
*   If you do not use Cloud Platform as your IdP, ensure Acquia has access to and knowledge of your IdP.
    
*   Own your website’s custom code.
    
*   Alter the `config.php` file to use `/mnt/gfs/mydocroot.env/files-private/sites.json` instead of the default `creds.json` path.
    
*   Test any custom workflows not provided by the [simpleSAMLphp Authentication](https://www.drupal.org/project/simplesamlphp_auth) module and the SimpleSAMLphp library.
    
*   Own the testing and validation of all Drupal configurations and workflows integrating with the [simpleSAMLphp Authentication](https://www.drupal.org/project/simplesamlphp_auth) module.
    
*   Configure and activate the [simpleSAMLphp Authentication](https://www.drupal.org/project/simplesamlphp_auth) module for your website.