← Learning library
LaraunaManaged automation & care
Administrator · Access

Add an application to SSO

Connect one of your apps so people sign in to it through Single Sign-On. Registering an app gives it a key and an allow-list of redirect URLs — the two things that let it trust the login securely.

Prepared for   Set up by   Date   

1 Open Applications and register

Mission Control Access Single sign-on Applications Register app

2 Name it and add its redirect URL(s)

Give the app a clear name (e.g. "Care portal"), then add the redirect URL — the address people are sent back to after they sign in (for example https://your-app.com/sso/callback).

Register application NAME Care portal ALLOWED REDIRECT URL https://care.yourbrand.com/sso/callback
Only these exact URLs are allowed — a safety measure so nobody can hijack the sign-in.
Why the allow-list? The login will only ever hand a token back to an address on this list — so an attacker can't point it at their own site. Add every URL the app legitimately uses (e.g. a staging one too).

3 Copy the key — it's shown once

When you register, Mission Control shows the app's secret key a single time. Copy it now.

You won't be able to see this key again. Paste it straight into the app's config (next step). If you ever lose it, use Rotate key on the app to issue a fresh one.

4 Put the key into your app

In the app you're connecting, set two things: the address of the identity provider, and the key you just copied. With the Larauna SSO SDK that's an environment setting:

# in the app you're connecting SSO_ISSUER_URL=https://your-mission-control-url SSO_APP_KEY=<the key you copied>

The app now delegates its login to Mission Control. (No code to write — the SDK handles the redirect and verifies the token.)

5 Test it

  • Open the app and click sign in.
  • You should be sent to Mission Control, sign in there, and land back in the app already signed in.
  • If it bounces back with an error, the usual cause is a redirect URL that isn't on the allow-list — add the exact URL (step 2) and retry.
That app now uses your single login. Repeat for each app you want on SSO.

Managing an app later

  • Rotate key — issue a fresh key (e.g. if the old one may have leaked). Update the app's config with the new key.
  • Remove — the app can no longer use SSO. Its own local login (if any) still works.
© Larauna · Add an application to SSO · v1Questions? Contact your Larauna administrator.