Skip to Content (Press Enter)
2025-09-09 09-52-32
Bala Subramanian
22Views
4Comments
Single sign on for a individual app in the environment
Question
OutSystems 11

Hi team,

I want to use the SSO specifically for one application in our environment. But, currently the SSO is enabled for the whole environment. Is there any way to restrict the SSO for a specific application?

Unfortunately, i do not have a OML file for this.

Thanks,

Bala

+96895796615

0
0
11 Nov 2025
Copy Link
2023-12-26 10-35-28
OutSystems Neo
Staff
AI Generated

In OutSystems, Single Sign-On (SSO) is natively enabled for all applications within the environment when they share the same User Provider module and authentication settings. However, if you need to restrict SSO to a specific application while keeping the overall SSO enabled, you would need to isolate the user provider for that specific app. Here's how you can achieve this:

  1. Set up a Dedicated User Provider for the Application
    Instead of using the default/shared Users module as the User Provider for the specific app, you need to designate a new module that will act as the User Provider for this specific application. Here's how:

    • Create a new module in Service Studio and enable the Is User Provider property for that module.
    • Publish this module to your environment.

  2. Link the Application to the Dedicated User Provider

    • Open the application’s module(s) in Service Studio.
    • Navigate to the module's Properties and change the User Provider property to the new dedicated User Provider module you just created.
    • Republish the application.

  3. Customize Authentication and Users for the Specific App

    • In this new User Provider module, manage users specifically for this application (e.g., by storing and managing a separate set of users in the database or integrating with specific external identity providers if needed).
    • Configure the authentication settings for this module if you want to integrate it with an external identity provider (e.g., Azure AD B2C). Follow the steps in this guide How to Enable SSO for OutSystems IT User Accounts if you're using tools like Azure AD for SSO integration.

  4. Ensure Separate Sessions (Optional)
    By using a separate User Provider, session sharing will be automatically disabled between the selected app and other apps in the environment. This ensures that SSO is isolated, and authenticating in one app does not authenticate the user in the other apps.

  5. Validate and Test the Configuration

    • Test the application to ensure the SSO is enabled only within the desired app and that users are not automatically logged into other apps in the environment.
    • If necessary, confirm that session management and shared session variables are working as expected in your setup.

Keep in mind that these steps may require discussions with your IT and infrastructure teams, especially if external identity providers are involved. For additional details on working with User Providers and SSO, you can refer to the official OutSystems documentation Single Sign-On.

0
0
11 Nov 2025
Copy Link
This answer was AI-generated. Please read it carefully and use the forums for clarifications
2025-12-22 13-50-43
Sherif El-Habibi
Champion

Hello, 

In the case of environment-level SSO, it is not possible to enable it for one application while disabling it for others within the same environment.

If you want a custom approach, you can configure the specific application to redirect users to a custom login page that is not associated with the built-in login mechanism or the configured Identity Provider.

So, to answer your question there’s no native OutSystems feature that allows enabling SSO for only one app within the same environment. I haven’t seen any official way to do that myself.

0
0
11 Nov 2025
Copy Link
2025-09-09 09-52-32
Bala Subramanian

Hi @Sherif El-Habibi ,

If I remove the SSO configuration made in Users, is it possible to then enable the logic for the specific applications?

0
0
11 Nov 2025
Copy Link
2025-12-22 13-50-43
Sherif El-Habibi
Champion

As far as I know, you can’t. When SSO is enabled, it applies to the entire environment, so every application in that environment benefits from it.

If you change the User Provider for a specific module, that’s a different story in that case, authentication isn’t handled through the standard Users module or the Identity Provider.

Which means it’s up to you to handle the SSO using your own custom mechanism or logic.


0
0
11 Nov 2025
Copy Link
Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.