
SSO Setup Guide

Setup Single Sign-On (SSO) with Feedier in just a few clicks. Make it easy for your users to access Feedier.

Written by Julien Chil
Updated over a month ago

Settings Menu → Advanced settings

Why do I need to set up SSO in Feedier?

Setting up Single Sign-On (SSO) in Feedier has multiple advantages for your team, and we highly recommend it.

  1. Centralized identity management (password policies, MFA, device trust)

  2. Reduced risk of weak or reused passwords

  3. Immediate access revocation when an employee leaves the company

⭐️ Feedier supports standard OIDC, which works easily with all modern IAM providers: https://www.microsoft.com/en-us/security/business/security-101/what-is-openid-connect-oidc

Who can access it?

| Roles | Access |
| --- | --- |
| 👑 Admins | Full access |
| 🛠️ Editors | No access |
| 👀 Viewers | No access |
| 🔒 Restricted Viewers | No access |

Introduction

To set up SSO, you need to follow 2 required steps and 1 optional step.

  1. Create a new application in your SSO provider interface. We will use Microsoft Entra as an example in this guide, but the steps are likely to be the same if you use a different provider.

  2. Set up the SSO application within Feedier (admin access needed).

  3. Advanced setup, including role provisioning and frontend-only SSO.

Step 1: How to create a new application in your SSO provider interface?

Let's start by creating the application:

  1. Register a new Application

    1. Click on Applications > App registrations

    2. Then click New registration

  2. Configure Application Registration

    1. Name: Enter a descriptive name for your application (e.g., "Feedier SSO").

    2. Supported account types: Choose the appropriate option based on your requirements (e.g., single tenant).

    3. Redirect URI: Select Web and enter the redirect URL provided to you on Feedier.


    4. Click Register

Where do I find the redirect URL in Feedier?

In Advanced Settings, navigate to Authentication and click Enable OIDC authentication.

Now, let's set up authentication

  1. Navigate to Authentication

  2. Ensure the Redirect URI is correctly added

  3. Set the appropriate Implicit Grant and Hybrid Flows if needed (typically, you’ll enable ID tokens for SSO).

Last step, let's configure your API permissions.

  1. Navigate to API permissions in the app registration

  2. Click on Add a permission

  3. Select Microsoft Graph

  4. Select Delegated permissions

  5. Choose the necessary permissions for your application (at least openid and email) by typing the permission name in the Select permissions search bar.

  6. Review all settings to ensure everything is configured correctly.

  7. Note the endpoints; we will need them in step 2 of this guide.

  8. Now, go to Certificates & secrets to get the client secret, which will be used later in the OIDC configuration on the Feedier side.

Step 2: How to set up the SSO application within Feedier (admin access needed)?

  1. Go to Advanced Settings > Authentication.

  2. Enable OIDC Authentication.

  3. Set the workflow type to Server.

  4. Enter the settings generated in Step 1

    1. Client ID

    2. Client Secret

How can my users log in to Feedier?

All set. To get your users to safely access Feedier, just share the Login URL provided in the Advanced Settings. We recommend sharing it directly through your Intranet to make it easy for your users.

How do I test the connection?

Click on the Login URL link, and you should be redirected to your OIDC authentication page if everything was set up correctly.

Once the SSO is set up, no username and password connection will be authorized. ⚠️ Please make sure that you run tests in a private window and maintain a live session in your main window to avoid being blocked from logging in.

Advanced setup

How does Feedier handle MFA or password login when SSO is enabled?

  • When SSO is enabled in Feedier for a given Workspace, the password connection mode is disabled by default. It means the only way for a user to access your Workspace is by using the SSO login link provided in the Advanced Settings.

  • By default, Feedier provides MFA for all login attempts. If your SSO provider already includes MFA, you can deactivate MFA directly from the Feedier Advanced Settings.

What is the Client mode in the SSO settings?

In the Client mode, the Feedier server never interacts with your SSO provider. The complete OIDC exchange is made directly from the client side (the user's browser).

This option is recommended if your SSO provider is under an internal firewall or requires a VPN.

How to automatically set up the Feedier user role from your IAM settings?

Instead of requiring a Feedier admin user to manually set up user roles in the Feedier Platform, you can automatically provision roles from your IAM service.

The following is an example with Azure AD, but it can be replicated with other IAM providers.

  1. First, create the 4 corresponding application roles in the Azure AD enterprise application (Entra ID): Admin, Editor, Viewer, Restricted Viewer.

  2. Send your Workspace ID to [email protected] so our technical team can do the backend setup.

  3. Once configured, you can send a test link to one of your users.

⚠️ Once enabled, only users with a role provisioned will be authorized to access Feedier.

How to automatically set up the Feedier user team from your IAM settings?

Instead of requiring a Feedier admin user to manually move users into their correct Feedier team (marketing, subsidiary, group, etc.), you can automatically provision Feedier teams from your IAM service.

  1. Create groups in Azure; every group will correspond to a team in Feedier.

  2. Include the group_id in the ID token

    1. Go to App Registrations in Azure, inside the Token Configuration

    2. You need to create a group claim and ensure that the group ID (group_id) is included in the ID token.

  3. Send a mapping table of Feedier team names and their group_id values to the Feedier team via [email protected]. They will then activate the team mapping within 24 hours.

Example of a mapping table

| Group_id | Feedier Team name |
| --- | --- |
| fd7f72c6-cd68-4bad-b170-9aa2c1957128 | Team A |
| 9a48e151-e107-4555-a381-498174b947b9 | Team B |

⚠️ This example uses Azure. If you are using another identity provider (e.g., Okta), you need to perform the equivalent steps in your provider to create groups, configure claims, and include the group_id in the ID token.
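
Before role and team provisioning is switched on, it helps to inspect the ID token of a test user, since a user without a provisioned role is denied access. The script below is an added example, not Feedier's code: it assumes the claim names Entra ID emits (`roles` for app roles, `groups` for group IDs, `_claim_names`/`hasgroups` when the group list is too long to inline), the function names are hypothetical, and the tokens are constructed and unsigned.

```python
import base64
import json

FEEDIER_ROLES = {"Admin", "Editor", "Viewer", "Restricted Viewer"}  # app roles from this guide
TEAM_MAP = {  # the example mapping table from this guide
    "fd7f72c6-cd68-4bad-b170-9aa2c1957128": "Team A",
    "9a48e151-e107-4555-a381-498174b947b9": "Team B",
}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def provisioning_report(claims):
    """Return the role, teams and problems a test user's ID token implies."""
    problems = []
    roles = [r for r in claims.get("roles", []) if r in FEEDIER_ROLES]
    if not roles:
        problems.append("no Feedier app role in 'roles': user would be locked out")
    elif len(roles) > 1:
        problems.append("several Feedier roles assigned: " + ", ".join(sorted(roles)))
    groups = claims.get("groups")
    if groups is None:
        # Entra ID replaces the list with a pointer when the user has too many groups.
        if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
            problems.append("group overage: token has no inline group IDs")
        else:
            problems.append("no 'groups' claim: add a groups claim to the ID token")
        groups = []
    teams = [TEAM_MAP[g] for g in groups if g in TEAM_MAP]
    if groups and not teams:
        problems.append("no group ID matches the team mapping table")
    return {"role": roles[0] if len(roles) == 1 else None, "teams": teams, "problems": problems}

def sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed"])

if __name__ == "__main__":
    ok = sample_token({"roles": ["Editor"], "groups": ["fd7f72c6-cd68-4bad-b170-9aa2c1957128"]})
    overage = sample_token({"roles": ["Viewer"], "_claim_names": {"groups": "src1"}})
    for token in (ok, overage, sample_token({"groups": []})):
        print(provisioning_report(jwt_claims(token)))
```

Replace TEAM_MAP with the mapping table you send to Feedier, and run the report on a token captured from a test login in a private window.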
