This guide outlines how to configure Single Sign-On (SSO) in 3D Repo using either OpenID Connect (OIDC) or SAML. 3D Repo supports both authentication protocols, enabling secure and streamlined user access management across your organization.
3D Repo supports integration with any identity provider that uses OIDC or SAML, and uses email address as the unique identifier for all user accounts. To configure SSO, please ensure your identity provider includes the user's email in the appropriate claim.
The following section describes the configurations required to set this up, if you require an in-depth guide on how to set this up within Microsft Entra ID, please refer to the following guides:
For OIDC (OpenID Connect)
Our redirect URL:
https://auth.3drepo.io/oauth/account/oidc/callback
Please provide the following details to your support contact:
Issuer URL
Application ID
Application Secret
List of domains (See Domain Claim)
For SAML
Our Identifier:
https://auth.3drepo.io
Our redirect URL:
https://auth.3drepo.io/account/saml/callback
Please provide the following details to your support contact:
A copy of the Federation Metadata XML
List of domains (See Domain Claim)
Domain claims
You will also need to specify which domain(s) should use this method of authentication. Anyone associated with a teamspace whose email domain matches the one you've configured will be redirected to this application for authentication.
For example, if you're setting up the application for all Asite employees, you would specify asite.com
so that anyone with an @asite.com
email address is directed to authenticate via this method.
If you also have subcontractors from other companies and want to manage their access through guest accounts in your tenant, you can include their email domains as well.
Please note that multiple SSO connections can be configured within a single teamspace. You're not limited to a single connection for all users—this gives you flexibility in managing access across different domains and organizations.