Single Sign-On
mogenius supports Single Sign-On (SSO) through OpenID Connect (OIDC), allowing team members to authenticate using their existing identity provider accounts. Once configured, your organization receives a unique login page that can be shared with your team.
Supported Providers
- Microsoft Entra ID (formerly Azure Active Directory)
- GitLab (including self-hosted instances)
Microsoft Entra ID
Prerequisites
- An existing organization using Microsoft Entra
- A mogenius organization with administrative permissions. Don’t have one yet? Create one here
Step 1: Get the Redirect URI from mogenius
- In your mogenius organization, go to Settings.
- In the Single sign-on section, click Configure.
- Copy the Redirect URI displayed at the top of the form — you will need this for your Entra app registration.
Step 2: Create an Entra App Registration
- Go to entra.microsoft.com and sign in with your Microsoft account.
- Navigate to Applications > App registrations.
- Click New registration and fill in the details:
  - Name: A recognizable internal name for the app.
  - Supported account types: Select Accounts in this organizational directory only (Single tenant).
  - Redirect URI: Select “Web” and paste the Redirect URI you copied from mogenius.
- Click Register to create the app.
Step 3: Create a Client Secret
- In the overview of your newly registered app, go to Certificates & secrets > Client secrets.
- Click New client secret and note the generated value.
- Save this value securely (e.g., in a vault) — you will not be able to view it again later.
Step 4: Connect Your Entra App with mogenius
- Back in mogenius, enter the following details from your Entra app:
  - Client ID: Found in the app overview as “Application (client) ID”
  - Tenant ID: Found in the app overview as “Directory (tenant) ID”
  - Client Secret: The value you saved in the previous step
- Click Connect to complete the setup.
Step 5: Share the Login URL
Your SSO configuration is complete. mogenius displays a Login URL for your organization. Share this URL with your team; users who sign in via this link will automatically be added to your mogenius organization.
Removing a user from your Entra organization will also deactivate their access in mogenius automatically.
GitLab
You can use GitLab as an SSO provider for your mogenius organization, including self-hosted GitLab instances.
Prerequisites
- A GitLab account with permissions to create OIDC applications (at group, user, or instance level)
- A mogenius organization with administrative permissions
For self-hosted GitLab, make sure your instance is reachable on a public HTTPS hostname. mogenius requires discovery URLs that are publicly accessible.
Step 1: Get the Redirect URI from mogenius
- In your mogenius organization, go to Settings.
- In the Single sign-on section, click Configure and select GitLab.
- Copy the Redirect URI displayed at the top of the form.
Step 2: Create an OIDC Application in GitLab
- In GitLab, navigate to your group, user settings, or admin area (depending on where you want to register the app).
- Go to Applications and click New application.
- Fill in the details:
  - Name: A recognizable name (e.g., “mogenius SSO”)
  - Redirect URI: Paste the Redirect URI from mogenius
  - Confidential: Enabled
  - Scopes: Select openid, email, and profile
- Click Save application.
- Note the Application ID and Secret — you will need these for mogenius.
Step 3: Connect GitLab with mogenius
- Back in mogenius, enter the following details:
  - Application ID: From your GitLab application
  - Client Secret: From your GitLab application
  - Self-hosted: If using a self-hosted GitLab instance, enable the toggle and enter your GitLab base URL (HTTPS only)
- Click Connect to complete the setup.
Step 4: Share the Login URL
Your SSO configuration is complete. Share the Login URL displayed in mogenius with your team.
Troubleshooting
Redirect URI mismatch error
Ensure the Redirect URI in your identity provider exactly matches the one shown in mogenius, including the protocol (https://) and trailing path.
Discovery failures (self-hosted GitLab)
Verify that your GitLab instance is reachable from the internet and that <base-url>/.well-known/openid-configuration returns a valid JSON document. Self-hosted instances behind a VPN or on a private IP cannot be used.
Missing email in user profile
Ensure the email scope is included in your OIDC application configuration and that users have a verified email address in their identity provider.
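The discovery and scope checks above can be scripted before you click Connect. The following is an added example, not mogenius or GitLab code: it validates the body returned by `<base-url>/.well-known/openid-configuration` against the requirements on this page. The function name, the host `gitlab.example.com` and the sample document are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes selected in Step 2
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(base_url, body):
    """Return a list of problems; an empty list means the document looks usable."""
    problems = []
    base = urlsplit(base_url)
    if base.scheme != "https":
        problems.append("base URL is not HTTPS")
    try:
        if not ipaddress.ip_address(base.hostname or "").is_global:
            problems.append("base URL is a non-public IP address")
    except ValueError:
        pass  # a DNS name: reachability must still be tested from outside the network
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return problems + ["response body is not valid JSON"]
    if not isinstance(doc, dict):
        return problems + ["response body is not a JSON object"]
    # The issuer should be the base URL itself (compared ignoring a trailing slash).
    if str(doc.get("issuer", "")).rstrip("/") != base_url.rstrip("/"):
        problems.append("issuer does not match the base URL")
    for key in ENDPOINT_KEYS:
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            problems.append(f"{key} is missing or not HTTPS")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported") or [])
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems


BASE = "https://gitlab.example.com"  # constructed sample host and document
GOOD = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/oauth/authorize",
    "token_endpoint": BASE + "/oauth/token",
    "jwks_uri": BASE + "/oauth/discovery/keys",
    "scopes_supported": ["openid", "profile", "email", "read_user"],
})

if __name__ == "__main__":
    print(check_discovery(BASE, GOOD))  # healthy instance
    print(check_discovery("http://10.0.0.5", "<html>login</html>"))  # VPN-only host
```

Fetch the body from a machine outside your own network, so the result reflects what a public client would see rather than what is reachable over your VPN.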