Linq SSO Integration
🔐 Linq SSO Integration (Azure AD / Entra ID)
Overview
Linq supports Single Sign-On (SSO) using through SAML authentication.
This allows your team to log into Linq securely with their company credentials — no passwords or manual invites required.
Available Providers
| Provider | Notes |
|---|---|
| Okta SAML | Most commonly used enterprise IdP |
| Entra ID (Azure AD) SAML | Microsoft’s cloud identity service |
| Google SAML | Works for Google Workspace orgs |
| ADP OpenID Connect | Ideal for ADP Workforce or ADP TotalSource users |
| Auth0 SAML | Used by teams already managing auth via Auth0 |
| CAS SAML | Supports schools and higher-education directories |
| ClassLink SAML | Common in education and nonprofit orgs |
| Cloudflare SAML | For orgs leveraging Cloudflare Access for identity |
| CyberArk SAML | Used in high-security enterprise environments |
| Duo SAML | Multi-factor authentication and identity provider |
| Custom SAML | Manual setup for unsupported IdPs |
| Custom OIDC (OpenID Connect) | For any OIDC-compliant provider (e.g., PingOne, OneLogin) |
How It Works
Once connected, employees from your approved company domains can log in to Linq using your organization’s Microsoft credentials.
Linq verifies their identity through your Azure AD tenant and grants access to the correct organization.
Setup Steps
1. Go to Integrations → SSO
-
Sign in as an Organization Admin.
-
Navigate to Integrations → SSO.
-
Click Manage SSO Configuration Settings.
2. Connect Microsoft Entra ID (Azure AD)
Your admin panel will display:
| Field | Example |
|---|---|
| Identity Provider | Entra ID (Azure AD) SAML |
| Domains | libertyenergy.com, libertyfrac.com, proppx.com, st9go.com |
| External Domains | Not allowed |
| IdP URI (Entity ID) | |
| IdP SSO URL | |
| X.509 Certificate | Valid (auto-renew via Azure) |
After entering your Azure metadata, click Test sign-in.
When successful, Linq displays Connection Activated.
3. Verify Attribute Mapping
Linq automatically maps the standard Azure fields:
| Linq Attribute | IdP Field |
|---|---|
| firstName | |
| lastName | |
| id |
No additional mapping is required.
4. Manage Sign-In Settings
In Integrations → SSO, admins can control login options:
-
Allow non-SSO logins: ✅ (recommended during transition)
-
Enforce SSO-only: toggle OFF if you want to allow both methods
(when ON, all users from approved domains must sign in via SSO)
5. View Sign-In Activity
Recent login sessions appear under Sessions with:
| Column | Example |
|---|---|
| name@domain.com | |
| Name | name |
| State | Successful / Started |
| Timestamp | Oct 21, 2025, 6:55 PM |
What’s Working Now
✅ Entra ID connection active
✅ Domain whitelisting
✅ Attribute mapping verified
✅ Session logging and test sign-in
✅ Optional non-SSO login toggle
Best Practices
-
Ensure certificate validity before expiry (visible in Linq dashboard).
-
Keep domains restricted to internal addresses only.
-
Use Test Sign-In after any Azure metadata update.
-
Encourage users to sign in via SSO for consistent authentication.