← Learning library
LaraunaManaged automation & care
Administrator · Access

Set up Single Sign-On

Single Sign-On (SSO) gives your whole platform one login. Your team signs in once, and every connected app trusts that sign-in — no separate password per app. This is the first-time setup, start to finish.

Prepared for   Set up by   Date   

How it works (30 seconds)

Mission Control is the identity provider — the one place people sign in. Each app delegates its login to it: when someone opens an app, they're sent to Mission Control to sign in, then returned with a signed token the app trusts. Apps never see passwords.

Your staff Mission Control (the IdP) Sales admin Care portal …your other apps trust signed tokens

1 Open the Single sign-on panel

In Mission Control, go to:

Mission Control Access Single sign-on

You'll see two cards — Staff (who can sign in) and Applications (the apps that trust the login) — plus a Try the demo button.

2 Add yourself as the first staff member

Before anything can sign in, there has to be someone to sign in. Add yourself first.

Staff + Add staff username + a password
Full walkthrough: Add staff →

3 Register your first application

Now connect an app so it uses this login. Registering gives the app a key and the list of redirect URLs it's allowed to return users to.

Applications Register app
Full walkthrough: Add an application →

4 See it work — Try the demo

Click Try the demo at the top of the panel. It runs the full handshake — sign in at Mission Control, get bounced back to a sample app already signed in — so you can watch SSO in action before you wire a real app.

That's SSO set up. Add more staff and register each of your apps the same way — everyone now has one login.

Good to know

  • Apps never see passwords. They only ever receive a short-lived, cryptographically signed token — so a compromised app can't leak your team's credentials.
  • Turning SSO on is safe. Each app keeps its own local login as a fallback, so nothing locks you out while you roll it out.
  • Access is instant to revoke. Disable a staff member and they can no longer sign in to anything (see the Add staff guide).
© Larauna · Set up Single Sign-On · v1Questions? Contact your Larauna administrator.