Configuring SAML Authentication


Ingeniux CMS 10.x supports single sign-on (SSO) via SAML (Security Assertion Markup Language), a federated, asynchronous authentication protocol. The CMS supports SAML 2.0 for both SSO and single log-out (SLO) configurations. For authentication, the CMS supports ADFS-, Azure AD-, Ping-, Okta-, Shibboleth-, and Salesforce-based SAML 2.0 identity providers (IdPs).

When a site uses SAML as its authentication protocol, the CMS acts as a service provider (SP) that validates against an IdP, which maintains users' credentials. The IdP can be any of a number of sources, and its exact configuration varies by provider. Each user authenticated via SAML SSO must be configured as a user in the CMS and be a member of a group.

After the system administrator configures the IdP, saml.config and local-membership.config must also be configured before the CMS can use SAML.

Note
If system administrators need a log file to troubleshoot SAML login issues, see Troubleshooting SAML.