Cyver supports Single Sign-On (SSO) authentication using Microsoft Entra ID (Azure AD) and Google. Depending on your configuration, authentication requests may be routed through Cyver’s relay server or handled directly using your own SSO provider settings.
This article explains how Microsoft and Google SSO work, the purpose of SSO Custom Settings, and what to expect when this feature is enabled or disabled.
Default SSO Behavior (Without Custom Settings)
When SSO Custom Settings are not enabled:
Microsoft and Google SSO authentication requests are routed through Cyver’s relay server.
Tenant domains are not registered directly in Microsoft Entra ID or Google for Cyver SSO.
During login, users will be temporarily redirected to Cyver infrastructure.
This mode is designed to provide a simplified SSO setup without requiring full SAML configuration.
SSO Custom Settings
SSO Custom Settings allow tenants to configure Microsoft or Google SSO using their own SSO provider settings, without relying on Cyver’s relay server.
When SSO Custom Settings are enabled:
Authentication is handled directly by your Microsoft Entra ID or Google SSO configuration.
Users are not redirected to the Cyver relay server.
White-labeling scenarios are supported only when Custom Settings are enabled.
You maintain full control over your SSO metadata, certificates, and endpoints.
Where to Configure Microsoft and Google SSO Settings
Microsoft and Google Single Sign-On settings are configured from the Portal Security Settings:
From the left-hand menu, go to: Administration > Portal
Open the Security tab.
Scroll down to the Single Sign-On (SSO) section.
Configuring Google SSO
Under Single Sign-On (SSO) > Google:
Enable Google Single Sign-On
Enables Google SSO for the tenant.Use custom settings
When disabled (default):
Authentication uses Cyver’s shared authentication relay.When enabled:
Google SSO uses your custom SSO provider configuration, and users will not be redirected to the Cyver relay server.
Note: To preserve white-labeling and keep your domain visible during login, Custom Settings must be enabled.
On your Google Cloud Console > Google Auth Platform > [Your App Name]:
- Add your primary access URL to "Authorised JavaScript origins"
e.g.: https://mydomain.com - Add your primary access URL and append /signin-google in "Authorised redirect URIs"
e.g.: https://mydomain.com/signin-google
Configuring Microsoft SSO
Under Single Sign-On (SSO) > Microsoft:
Enable Microsoft Single Sign-On
Enables Microsoft (Entra ID / Azure AD) SSO for the tenant.Use custom settings
When disabled (default):
Authentication requests are routed through Cyver’s shared authentication relay.When enabled:
Authentication is handled directly by your Microsoft Entra ID configuration, without relay server redirection.
Note: White-labeling is supported only when Custom Settings are enabled.
On your Azure > Enterprise Applications > [Your App Name]:
- Add your primary access URL and append /signin-microsoft on "Redirect URI" table
e.g.: https://mydomain.com/signin-microsoft