Single Sign-On (SSO) with Cameyo

Cameyo uses the OpenID Connect (OIDC) standard when users sign in through a third-party cloud Single Sign-On (SSO) identity provider.

To sign into Cameyo using SSO:

  1. On the Cameyo Admin console, select Admin > Company Settings.
  2. Under Authentication, select your SSO from the SSO provider list.

    Not all SSO provider options will display if a Subdomain and Identity domain are not set for the account.

    Only the Identity domain of the main admin's email domain can be claimed by the customer. Subdomains need to be added separately.

    Any other identity domain needs to be requested to be added through Cameyo support.

  3. At the bottom, click Save.

Cameyo and different SSO providers

This list includes additional information about integrating Cameyo with different third-party SSO providers. Note that Cameyo uses the OpenID Connect (OIDC) standard when users sign in through a third-party cloud SSO identity provider.

Open all  |  Close all

SSO integration (Microsoft)

There are two ways to connect Cameyo to Microsoft SSO:

  • (Basic) Generic—quick and easy
  • (Advanced) Custom—allows more options

Prerequisites

You need to have the following:

  • Identity domain—This looks like company.cameyo.com
  • Subdomain—This looks like company.com

Note: To find your Subdomain and Identity domain, go to Admin > Company Settings > Authentication. If you don't have these ready, you should claim them first or contact Cameyo support to have them set up for you.

(Basic) Generic Microsoft SSO integration

The Generic method displays the Sign in with Microsoft page, which is not specific to your company yet allows connecting to it without much configuration.

To integrate Cameyo with Microsoft SSO:

  1. On the Cameyo Admin console, go to Admin > Company Settings > Authentication.
  2. Select Microsoft from the SSO provider list.
  3. At the bottom, click Save.

(Advanced) Custom Microsoft SSO integration

This mode of SSO connection is more advanced, and allows for a custom SSO dialog and rules for users reaching your Cameyo subdomain. It consists of adding a Microsoft Entra ID app and connecting Cameyo to it.

Create a Microsoft Entra ID App

Unless you already have a Microsoft Entra ID app, you need to create one to connect to Cameyo.

  1. In your Microsoft Azure portal, go to Azure Entra ID and click App Registrations.
  2. Click New registration to create a new app.
  3. Name the app and select the relevant account type (for example, Accounts in this organizational directory only).
  4. Under Redirect URI, add https://online.cameyo.com/oidc
  5. Click Register.

    Important: Take a note of your Application (client ID) and Directory (tenant ID) to use later. This won’t display again.

  6. Click Certificates & Secrets > New client secret.

    Important: Take a note of the new Client Secret to use later. This won’t display again.

Connect to Cameyo

Ensure you have your Directory (tenant) ID, Application (client) ID, and Client Secret ready for use.

  1. On the Cameyo Admin console, go to Admin > Company Settings > Authentication.
  2. Select Custom from the SSO provider list.
  3. For Issuer URL, enter your Directory (tenant) ID: https://login.microsoftonline.com/[directory (tenant) id]/v2.0

    For example, if your Directory (tenant) ID is 12345678-90ab-cdef-1234-567890abcdef, you should enter:  https://login.microsoftonline.com/12345678-90ab-cdef-1234-567890abcdef/v2.0

  4. For Client ID, enter your Azure Application (client) ID.
  5. For Client Secret, enter your app Client Secret.
  6. At the bottom, click Save.

You can check the result by navigating to your company subdomain (company.cameyo.com).

SSO integration (PingID)

Prerequisites

  • A cloud SSO provider supporting OpenID Connect.
  • A subdomain and identity domain configured for your Cameyo account.

Steps

  1. Go to your identity provider's console and add an Application
  2. If asked for an application type, Web App is usually the right choice.
  3. When asked for a redirect URL, enter: https://online.cameyo.com/oidc (always use online.cameyo.com, never your company's subdomain!).
  4. Select the permissions needed by Cameyo, openid and email.
  5. Your application should now be created. Make sure it is enabled.
  6. Configure your application and copy the connection data
  7. In your application's configuration section, if Response Type is configurable, make sure it is set to Code.
  8. If Grant type is configurable, make sure it is set to Authorization Code.
  9. If the token endpoint authentication method is configurable, make sure it is either set to Client Secret Post or None.
  10. To connect Cameyo to your provider, make note of these 3 items:
    • Issuer URL
    • Client ID
    • Client Secret
  11. Once you have these items, enter the values in the Company Settings page, under the Authentication field.

SSO is now enabled on your Cameyo subdomain (company.cameyo.com).

SSO integration (Okta)

Prerequisites

  • A cloud SSO provider supporting OpenID Connect.
  • A subdomain and identity domain configured for your Cameyo account as shown below.

Steps

  1. Go to your identity provider's console and go to Applications.

  2. Click Create App Integration.

  3. Choose OIDC.

  4. Select Web Application and click Next.

  5. Configure App integration name.

    1. Grant types

    2. Authorization code and Implicit (hybrid)

  6. Set the Sign-in redirect URI to https://online.cameyo.com/oidc (always use online.cameyo.com, never your company's subdomain!).

  7. Choose the assignments you want, either everyone or only certain groups and click Save.

  8. Get the needed data (A), (B) and (C) from your newly created application and enter it on your company page.

SSO integration (OneLogin)

Prerequisites

  • A cloud SSO provider supporting OpenID Connect.
  • A subdomain and identity domain configured for your Cameyo account as shown below.

Steps

  1. Go to your identity provider's Portal > Administration > Applications.

  2. Click Add App.

  3. Search for openid and choose OpenId Connect (OIDC).

  4. Enter Display name.

  5. Click Save.

  6. Go to Configuration.

  7. Set Redirect URI's to https://online.cameyo.com/oidc (always use online.cameyo.com, never your company's subdomain!).

  8. Go to SSO.

  9. Set Application Type to Web.

  10. Choose Token Endpoint POST.

  11. Copy Issuer URL (A).

  12. Copy Client ID (B).

  13. Copy Client Secret (C).

  14. Click Save

  15. Go to your company page and set the SSO provider to Custom (and set the Friendly name to OneLogin, then take the copied data from above (A, B, C) and enter it.

SSO integration (Google)—Alternative (OAuth App)

Prerequisites

  • Google Cloud including Google Workspace.
  • A subdomain and identity domain configured for your Cameyo account as shown below.

Steps

  1. Go to your Google Cloud Console.

  2. Open OAuth consent screen.

  3. Choose User Type Internal.

  4. Enter the App information and if wanted additional scope restrictions

  5. Save the consent screen.

  6. Go to APIs & Services > Credentials.

  7. Click Create Credentials and select OAuth client ID.

  8. Select Application type Web Application and add https://online.cameyo.com/oidc (always use online.cameyo.com, never your company's subdomain!) to Authorized redirect URIs.

  9. Click Create and you will get the Client id and Client secret that you need. You can download the JSON file for future reference.

  10. Select Custom (not Google in this case) as SSO provider and set the Issuer URL to https://accounts.google.com and enter the Client id and Client secret from above.

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

true
Search
Clear search
Close search
Main menu
15420518205491935912
true
Search Help Center
false
true
true
true
false
false
false
false