Skip to content

SSO (OIDC) & MFA (TOTP)

DataSquares signs in against any OpenID Connect identity provider — Okta, Microsoft Entra ID, Google Workspace, Auth0, Keycloak, and anything else that speaks OIDC discovery.

In Admin → Settings → Single sign-on, fill in:

Field Value
Issuer URL your IdP’s OIDC discovery base URL
Client ID / Client secret from the app registration you create in the IdP (the secret is write-only — leaving it blank on later edits keeps the stored value)
Auto-provision email domains domains whose users may be created on first SSO sign-in
Auto-provision new users toggle first-login account creation
SSO enabled the master switch

Users click Sign in with SSO on the login page and enter their email — DataSquares looks up the organization by domain and redirects to your IdP. If SSO isn’t configured for that domain, the login page says so and password sign-in remains available.

MFA is per-account, using any TOTP authenticator app (Google or Microsoft Authenticator, 1Password, …).

From the account’s Two-factor authentication dialog: Set up two-factor shows a QR code (or a copyable setup key if you can’t scan), you enter the 6-digit code from your app, and Verify and enable turns it on — the factor only activates once a code proves you have it.

With MFA enabled, password sign-in adds a second step: enter the current 6-digit code (valid for a 5-minute window; if it lapses you’re returned to the password step). Disabling MFA requires a current code too.