Single Sign-On
PackNet supports Single Sign-On (SSO) integration using two industry-standard protocols:
Security Assertion Markup Language (SAML) 2.0
OIDC (OpenID Connect), built on the OAuth 2.0 framework
These protocols allow customers to manage authentication through their own Identity Provider (IdP), letting users to access PackNet with their corporate credentials instead of PackNet-managed usernames and passwords.
Supported Protocols
SAML 2.0
Commonly chosen by enterprise customers.
Supports role provisioning, meaning the customer’s IdP can send role or group information to PackNet to determine user permissions.
Note
Roles will still need to be defined in PackNet.
Recommended for organizations with established identity infrastructure (e.g., Active Directory, Okta, Ping Identity).
OpenID Connect
Supports standard authentication via OAuth 2.0.
Does not currently support role provisioning; roles must be managed directly within PackNet.
Requires customer-provided OIDC configuration details, including:
client_id and client_secret
A well-known URI for the IdP (must be accessible from the Packsize cloud)
Redirect URIs specified by Packsize (e.g., https://fd-saas-prod.azurefd.net/PackNet/login)
Identity Provider Requirements
Customers must manage and host their own Identity Provider (IdP). PackNet is compatible with any IdP that conforms to standard SAML 2.0 or OIDC protocols.
Examples include:
Managed services: Okta, Azure Active Directory, Ping Identity
Self-hosted or custom IdPs
Note
May require additional validation and testing.
If a customer’s IdP is hosted within a private network (not publicly accessible), the OIDC flow may still function through the user’s browser, but certain edge cases may arise. Packsize recommends using an IdP that is accessible from the internet to ensure full compatibility.
Configuration and Domain-Level Enablement
SSO is configured at the domain level (e.g., all users with @companyx.com emails use SSO).
User-level SSO configuration is not currently supported.
SSO setup is not self-service at this time. Packsize will assist in configuring and validating the integration.
Updates or changes to the SSO configuration will require coordination with Packsize’s technical team.
Summary of Requirements
Requirements | Description |
|---|---|
Protocols Supported | SAML 2.0, OpenID Connect (OAuth 2.0) |
Role Provisioning | Supported via SAML only |
Customer-Hosted IdP | Required |
Network Accessibility | Publicly accessible IdP recommended |
Configuration Scope | Domain-level |
Access Experience
Once Single Sign-On is configured:
Users sign in to PackNet using their corporate credentials — no separate PackNet password required.
Authentication happens through the organization’s IdP, providing a consistent and secure login experience.
Access permissions within PackNet are determined by roles defined in PackNet. With SAML, the matching roles will need to be passed in the SAML request.
All users under the configured email domain will automatically be directed to the SSO login page when logging into PackNet.
SSO Implementation
SAML Implementation Summary
Packsize will need to know the SAML Sign-In URL and Certificate.
The customer will be provided with the following information from Packsize:
Auth0 Connection Identifier
Customer ID
Roles
Packsize Auth Certificate
OIDC Implementation Summary
Packsize will need the following information:
IdP client id
IdP client secret
IdP well-known URL
The customer will be provided with the following information from Packsize:
Application type
Redirect URIs
Required permissions
Grant/flow
Token endpoint client auth
Single logout and RP-Initiated logout: not supported