MicroStrategy ONE

Enable Single Sign-On with OIDC Authentication

You can enable single sign-on with OpenID Connection (OIDC) authentication for Azure or Okta.

The ability to view or edit certain settings is determined by a user's privileges. All necessary privileges are included in the Administrator role by default. You must belong to the System Administrators group to use this feature.

See Enable Single Sign-On with OIDC Authentication in the System Administration Help for more details.

  1. Open the Workstation window.

  2. In the Navigation pane, click Environments.

  3. Right-click an environment and choose Configure Enterprise Security.

  4. In step 1, select an Azure or Okta as the identity provider.
  5. In step 2, click View configuration instruction to view a step-by-step configuration guide. Use the instructions to complete steps 2 and 3. Starting in MicroStrategy 2021 Update 10, if your IdP supports single logout, you can enable it using Enable Single Logout with OIDC Authentication.
  6. If you need assistance from your administrator that is in charge of enterprise Identity and Access Management (IAM), click Request access from your administrator.

  7. User Claim Mapping Expand to enter OIDC claims to identify users and display their info.

    Primary User Identifier Enter the OIDC claim used to identify users. By default, the OIDC claim is email.

    Login Name: Enter the OIDC claim for the login name. By default, the OIDC claim is name.

    Full name Enter the OIDC claim used for display users’ full names in MicroStrategy. By default, the OIDC claim attribute is name.

    Email Enter the OIDC claim used as the user's email in MicroStrategy. By default, the OIDC claim attribute is email.

    Advanced Expand to enter advanced user mapping settings.

    Import User at Login Activate this toggle to allow users from your active directory to use their credentials to log in to MicroStrategy.

  8. In step 5, if Okta is selected as the identity provider, click Test Configuration to test with the credentials you provided above.

  9. Click Save.

  10. Access the Library Admin page to complete additional steps before OIDC authentication takes effect.