From c21df51ba0677b2ad316122b5c6dedfac665728e Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Thu, 12 Mar 2026 06:22:59 -0400 Subject: [PATCH 1/2] chore: add note about MFA on console SSO --- docs/console/single-sign-on.mdx | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/console/single-sign-on.mdx b/docs/console/single-sign-on.mdx index 1b545a788..296a8c3c5 100644 --- a/docs/console/single-sign-on.mdx +++ b/docs/console/single-sign-on.mdx @@ -17,23 +17,24 @@ your IdP's login page to authenticate. Follow these steps to configure SSO for your workspace: -1. Go to your workspace's settings, and scroll down to the Single Sign-On (SSO) section. -2. Click on the **Enroll** button to start the enrollment process. -3. _If you did not verify your email address, you will be prompted to do so. Please check your inbox for a verification email and +1. Remove any second factor authentication (2FA) methods from your account, as these are not compatible with SSO. You can do this in the [account settings of the Ory Console](https://console.ory.sh/settings). +2. Go to your workspace's settings, and scroll down to the Single Sign-On (SSO) section. +3. Click on the **Enroll** button to start the enrollment process. +4. _If you did not verify your email address, you will be prompted to do so. Please check your inbox for a verification email and click on the link provided._ -4. Confirm the domain that you want to enroll for SSO. This should be the domain of your email address (e.g., `example.com`). +5. Confirm the domain that you want to enroll for SSO. This should be the domain of your email address (e.g., `example.com`). ![SSO Enrollment Confirmation](./_static/sso-create-org.png) -5. Click the **Configure SSO now** button to proceed to the SSO configuration page. -6. On the SSO configuration page, you can choose between OIDC and SAML as your SSO protocol. Follow the instructions for your +6. Click the **Configure SSO now** button to proceed to the SSO configuration page. +7. On the SSO configuration page, you can choose between OIDC and SAML as your SSO protocol. Follow the instructions for your chosen protocol to complete the setup. -7. After completing the SSO configuration, you must confirm the setup with your account. +8. After completing the SSO configuration, you must confirm the setup with your account. 1. Logout from the Ory Console. 2. Enter your email address and click on the **Continue with SSO** button. 3. You will be redirected to your IdP's login page. Enter your credentials and log in. 4. Follow any additional steps required by your IdP (e.g., multi-factor authentication). Note that you might be asked to enter your existing password for the Ory Console one last time to confirm the SSO setup. 5. After successful authentication, you will be redirected back to the Ory Console and logged in. -8. Congratulations! You have successfully set up Single Sign-On for your workspace in Ory Console. You can now use your IdP +9. Congratulations! You have successfully set up Single Sign-On for your workspace in Ory Console. You can now use your IdP credentials to access the console. ### Restricting access to your workspace From 5eaf10e45a47ecc4a8afc3eeca37b0a3ae086d2a Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Thu, 12 Mar 2026 06:44:38 -0400 Subject: [PATCH 2/2] chore: format --- docs/console/single-sign-on.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/console/single-sign-on.mdx b/docs/console/single-sign-on.mdx index 296a8c3c5..76f5fccc5 100644 --- a/docs/console/single-sign-on.mdx +++ b/docs/console/single-sign-on.mdx @@ -17,7 +17,8 @@ your IdP's login page to authenticate. Follow these steps to configure SSO for your workspace: -1. Remove any second factor authentication (2FA) methods from your account, as these are not compatible with SSO. You can do this in the [account settings of the Ory Console](https://console.ory.sh/settings). +1. Remove any second factor authentication (2FA) methods from your account, as these are not compatible with SSO. You can do this + in the [account settings of the Ory Console](https://console.ory.sh/settings). 2. Go to your workspace's settings, and scroll down to the Single Sign-On (SSO) section. 3. Click on the **Enroll** button to start the enrollment process. 4. _If you did not verify your email address, you will be prompted to do so. Please check your inbox for a verification email and