Configuring SSO
  • 18 Nov 2022

Who can use this feature?
  🌐 ✔️ MES (v6.3.5, v6.5) ✔️ AWI (v6.5) ✔️ LES (v6.5) ✔️ Tandem (v6.4, v6.5)
  💻 Web app
  👤 System Admin users

System admins can work with a point of contact at Apprentice to allow users to sign in with their existing company credentials via SSO. The process to enable SSO within the Tempo Manufacturing Cloud requires assistance from Apprentice and may require technical resources from your organization. Additional information about this process can be provided by your Customer Success Manager.

Within the Tempo Manufacturing Cloud, organization administrators have access to configure specific settings and permissions to meet their organization's needs. To access SSO configuration options for organization settings and permissions, click Platform > Configuration > Single Sign On from the left navigation panel.

This article reflects Tempo v6.5. If you are using an earlier version, hover over the left navigation panel, then click Configuration > Single Sign On.


To apply any changes, click Save in the upper right corner prior to leaving the page.

General Settings

The on-off toggles in this section determine organizational SSO settings.

  • Enable SSO: Determines whether all users for this organization use SSO to log in to the system.
  • Enable Auto User Creation: Determines whether the system automatically creates a new user when an employee attempts to sign in using a valid account with the organization's identity provider. (Note that additional administration may be required, such as assigning teams and permissions to new users.)

Single Sign On Configuration

  • SSO Email Domain: Determines the domain name(s) to enable for SSO with the Tempo Manufacturing Cloud.

Spaces are not allowed in this field.

  • Use the following format for a single domain name:

  • Use the following format for multiple domain names:,

  • Type: Determines the SSO type (SAML). When SAML is selected, additional settings (Entity ID, Entry Point, Logout URL, and Certificate) display.
  • Entity ID: Matches the Tempo Manufacturing Cloud system with the identity provider. The value for this field must match the entity ID entered with the identity provider. (Unless the identity provider requires otherwise, the system admin may use the value of the read-only Audience Restriction field.)
  • Entry Point: Sets the URL to log in with the identity provider. The system admin provides this information.
  • Logout URL: Sets the URL to log out with the identity provider. The system admin provides this information.
  • Certificate: Enter the certificate from the identity provider.

Parameters for IdP-Initiated SSO

The read-only values in the Parameters for IdP-Initiated SSO section support the configuration of SSO within the organization's identity provider.

  • Audience Restriction: An internal identifier for your organization within the Tempo Manufacturing Cloud.
  • Logout URL Redirect: This URL is where the Tempo Manufacturing Cloud sends users after they log out of the system.
  • SAML Provider SSO URL: This URL is where the Tempo Manufacturing Cloud sends users after they have logged in and verified their identity with the identity provider.

Organization URL

  • Metadata URL (optional): If available from the identity provider, the metadata link with access to information like the Entry Point and Certificate can be stored on this page for reference.

  • Organization URL: Provided for reference. The URL for the organization's Tempo Manufacturing Cloud.

  • Organization URL Enabled: Provided for reference. Indicates whether the Organization URL uses a particular Apprentice URL naming convention.
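
An added example, not part of the original article or Apprentice's code: a Python helper that reads SAML 2.0 identity provider metadata (the document a Metadata URL points to) and pulls out values for the Entry Point, Logout URL and Certificate fields, plus a SHA-256 fingerprint of the certificate. Mapping those fields to the standard SingleSignOnService, SingleLogoutService and signing X509Certificate metadata elements is an assumption; idp.example.com and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: host name and certificate bytes are placeholders.
SAMPLE_CERT_DER = b"constructed placeholder, not a real DER certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://idp.example.com/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:SingleSignOnService Location="https://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sso_fields_from_metadata(xml_text):
    """Return (fields, warnings) for the SSO configuration page (assumed mapping)."""
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = idp.find("md:SingleSignOnService", NS)
    slo = idp.find("md:SingleLogoutService", NS)
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text]
    if sso is None or not certs:
        raise ValueError("metadata lacks an SSO endpoint or a signing certificate")
    cert_b64 = "".join(certs[0].split())  # drop line wrapping inside the base64 text
    fields = {
        "Entry Point": sso.get("Location"),
        "Logout URL": slo.get("Location") if slo is not None else None,
        "Certificate": cert_b64,
        "Certificate SHA-256": hashlib.sha256(base64.b64decode(cert_b64)).hexdigest(),
    }
    warnings = [f"{name} is not an https URL" for name in ("Entry Point", "Logout URL")
                if fields[name] and urlparse(fields[name]).scheme != "https"]
    if len(certs) > 1:
        warnings.append("several signing certificates published; confirm which is current")
    return fields, warnings
```

Compare the SHA-256 fingerprint with the value reported by the identity provider's administrator before pasting the certificate, and resolve any warnings before clicking Save.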
