Description

This work item explores the feasibility of adding SAML Single Sign-On (SSO) to the 6clicks application. The goal is to assess the technical, security, and product implications of supporting SAML 2.0 authentication, and to identify potential blockers or requirements for a future implementation.

Key Components

• Research integration options with major SAML 2.0 Identity Providers (Okta, Azure AD, Ping, etc.)
• Review metadata exchange requirements between Service Provider (6clicks) and IdPs
• Investigate mapping strategies for roles, tenants, and attributes passed via SAML assertions
• Assess fallback and coexistence with existing authentication flows (JWT, API keys, OIDC)
• Identify security, compliance, and infrastructure considerations (e.g., key management, certificates)

Benefits

• Clarity on technical viability and effort required to implement SAML

• Early identification of risks, gaps, or incompatibilities with current authentication architecture

• Ability to scope customer demand and prioritize against other roadmap features

• Provides the foundation for a well-informed go/no-go decision on full SAML support

Example Use Case

A prospective enterprise client requires SAML SSO via Azure AD to onboard. This feasibility study helps determine whether 6clicks can technically and securely support such integration, and what level of effort or platform changes would be needed to meet the requirement.