Skip to main content

Before you begin

To complete this guide, you’ll need:
  • A C1 enrollment code (if you don’t have an enrollment code, contact support@c1.ai)
  • Ability to create an SSO app in the IdP (if using Okta, OneLogin, or JumpCloud)
Estimated time: 15 minutes

Step 1: Register your C1 domain

1
Go to https://accounts.conductor.one/accounts/signup.
2
In the Domain field, enter the domain you want to use for your C1 instance.For example, if you work at Acme Co., enter acmeco to create an acmeco.conductor.one domain.
3
In the Display name field, enter the name of your company.
4
In the Invite code field, paste in the invite code you received from C1. The code is case-sensitive.
5
Click Sign up with [your SSO provider].

Step 2: Authenticate with your SSO provider

Jump to the instructions for your SSO provider:

Google

Okta

OneLogin

JumpCloud

Microsoft

PingOne

Open ID Connect (OIDC)

Authenticate with Google

When prompted to login, click your corporate account and continue logging in. Google will now re-authenticate you, if needed, and log you in to C1.

Authenticate with Okta

Step 1: Add the C1 app in Okta

First, add the C1 app to Okta.
1
In a new browser tab, navigate to the Okta admin console and click Applications > Applications > Browse App Catalog.
2
Search for “C1” and select the C1 app, then click Add Integration.
3
In the Subdomain field, enter the domain you chose for your C1 instance.
4
Select whether you want to make the C1 application visible to users, then click Done.

Step 2: Assign users to the Okta app

Next, assign the C1 app to an Okta user or group so the user or group can access and use the app.
If you do not assign the Okta app to yourself, you will receive an error at login and your C1 tenant will not be created!
1
Still in the Okta admin console, click the C1 app’s Assignments tab.
2
Click Assign and select either Assign to People or Assign to Groups.
3
Locate the user or group you want to assign the app integration to and click Assign.
4
Confirm that the data is correct in the Assign C1 to dialog.
5
Click Save and Go Back. The Assigned button for the user or group is disabled to indicate the app integration is assigned.
6
If necessary, repeat steps 2-6 to assign the C1 app to additional users or groups.
7
Click Done.

Step 3: Input OAuth credentials into Okta C1 app

In this step, you’ll configure the SSO settings for the C1 app in Okta. To complete this step you’ll move back and forth between your Okta tab and the C1 registration tab.
1
In Okta, click Applications > Applications > C1 to return to the new C1 application’s details screen.
2
Copy your Okta domain (such as acmeco.okta.com) from the browser’s address bar and paste your Okta domain into the Okta domain field in C1.
3
In Okta, click the Sign On tab. Copy the C1 app’s client ID by clicking the Copy to clipboard icon.
4
In C1, paste the client ID into the Client ID field.
5
In Okta, copy the C1 app’s client secret by clicking the Copy to clipboard icon, then paste the client secret into the Client secret field in C1.
6
In C1, click Sign up with Okta.
Okta will guide you through the SSO sign-in process and redirect you to the C1 dashboard.

Authenticate with OneLogin

Step 1: Create an OIDC app in OneLogin

1
In a new browser tab, navigate to the OneLogin administration portal and click Apps.
2
Click Add App.
3
Search for “OpenID Connect” or “oidc” and click OpenId Connect (OIDC).
4
Enter the following information in the specified fields:
  • Display name: C1
  • (Optional) Logo:
C1 logo
5
Click Save.
6
On the Configuration tab, fill out the specified fields as follows:
  • Login Url: Leave this field blank
  • Redirect URI’s: Enter https://accounts.conductor.one/auth/callback
  • Post Logout Redirect URIs: Leave this field blank
7
On the SSO tab, make the following selections:
  • Application Type: Web
  • Authentication Method: POST

Step 2: Configure the SSO settings on the OneLogin C1 app

In this step, you’ll configure the SSO settings for the C1 app in OneLogin. To complete this step you’ll move back and forth between your OneLogin tab and the C1 registration tab.
1
In OneLogin, copy your OneLogin domain (such as acmeco.onelogin.com) from the browser’s address bar.
2
In C1, paste your OneLogin domain into the OneLogin domain field.
3
In OneLogin, on the SSO tab, copy the C1 app’s Client ID.
4
In C1, paste the Client ID into the Client ID field.
5
In OneLogin, copy the C1 app’s Client Secret.
6
In C1, paste the Client Secret into the Client secret field.
7
In C1, click Sign up with OneLogin. OneLogin will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.

Step 3: Assign users to the OneLogin C1 app

Lastly, give your colleagues access to C1 via OneLogin SSO by adding the new C1 app to one or more OneLogin user groups.
1
In the OneLogin admin portal, navigate to User Groups.
2
Select the existing user group you’d like to give access to C1 (or create a new user group by clicking the Create button).
3
Click Applications and select C1.
4
Click Save.

Authenticate with JumpCloud

Step 1: Create an OIDC app in JumpCloud

1
In a new browser tab, navigate to the JumpCloud Admin Portal and click User authentication > SSO.
2
Click + Add New Application.
3
Scroll to the bottom of the window and click Custom OIDC App.
4
Enter the following information in the specified fields:
  • Display Label: C1
  • (Optional) Logo:
C1 logo
5
Click Save.
6
On the SSO tab, fill out the specified fields as follows:
  • Redirect URIs: Enter https://accounts.conductor.one/auth/callback
  • Client Authentication Type: Client Secret POST
  • Login URL: https://YOUR_DOMAIN.conductor.one/login?sso_operation=initiate_login (use the C1 domain you chose in Step 1)
7
In the User Attribute Mapping section, enter email in the Service Provider Attribute Name field and select email in the JumpCloud Attribute Name field, then click Add Attribute.
8
On the User Groups tab, select one or more groups to assign access to C1.
9
Click Activate. Leave the Application Saved popup that displays the Client ID and the Client Secret fields open. You’ll use these values in the next step.

Step 2: Configure OIDC settings on the JumpCloud C1 app

In this step, you’ll configure the SSO settings for the C1 app in OneLogin. To complete this step you’ll move back and forth between your JumpCloud tab and the C1 registration tab.
1
In JumpCloud, copy the C1 app’s Client ID from the Application Saved popup.
2
In C1, paste the Client ID into the Client ID field.
3
In JumpCloud, copy the C1 app’s client secret and paste it into the Client secret field in C1.
4
In C1, click Sign up with JumpCloud. JumpCloud will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.

Step 3: Grant users access and login

Lastly, give your colleagues access to C1 via JumpCloud SSO by adding the new C1 app to a JumpCloud user group.
1
In the JumpCloud Admin Portal, navigate to User Groups.
2
Select the existing user group you’d like to give access to C1 (or create a new user group by clicking the Create button).
3
Click Applications and select C1.
4
Click Save.

Authenticate with Microsoft

1
When prompted to authenticate with Microsoft, select your corporate account.
2
Review the permissions requested by C1. These permissions are needed to establish the SSO link between Microsoft and C1.
  • If you have the correct permission level in Microsoft, check the box to Consent on behalf of your organization. This enables the requested C1 permissions for all users in your organization.
  • If you do not have the permissions needed to check the box, before other users attempt to sign into C1 using SSO, direct your Microsoft administrator to manage permissions for the C1 application in by navigating to Enterprise applications > C1 SSO > Permissions and clicking Grant admin consent for ….
3
Click Accept.
Microsoft will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.

Authenticate with PingOne

Step 1: Create an OIDC app in PingOne

1
In a new browser tab, log into your PingOne Administration console and navigate to Applications > Applications.
2
Click the + (plus sign) to create a new application.
3
Enter the following information in the specified fields:
  • Application name: C1
  • (Optional) Logo:
C1 logo
4
In the Application Type area of the page, select OIDC Web App.
5
Click Save.
6
On the Configuration tab, click Edit and fill out the specified fields as follows:
  • Token Endpoint Authentication Method: Client Secret Post
  • Redirect URI’s: Enter https://accounts.conductor.one/auth/callback
  • Initiate Login URI: Enter https://your_domain.conductor.one/login
7
Click Save.
8
At the top of the page, click the toggle to enable the new application.
9
Return to the Configuration tab and carefully copy and save the new app’s Client ID, Client secret, and Environment ID. You’ll use these in the Step 2.

Step 2: Configure the SSO settings on the OneLogin C1 app

1
Back in the C1 setup tab, paste the Client ID, Client secret, and Environment ID into the form at the right of the page.
2
Click Sign up with PingOne. PingOne will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.

Authenticate with generic OpenID Connect

Step 1: Create an OIDC app in your identity provider

1
In a new browser tab, log into your identity provider and create a new OIDC application.
  • Configure the redirect URI to use https://accounts.conductor.one/auth/callback.
  • Ensure the authorization code flow is enabled.
2
Gather OIDC credentials to pass to C1:
  • Issuer URL (the base URL of your OIDC provider)
  • Client ID
  • Client secret
  • Optional: Additional scopes beyond openid, profile, and email
3
Back in the C1 setup tab, paste the Issuer URL, Client ID, Client secret, and any OIDC scopes into the relevant fields in the form at the right of the page.
4
Click Sign up with OIDC. Your identity provider will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.

Success!

Your C1 tenant is created and you are logged in! See our other getting started guides to move through the product and get on the fast track to modern governance.