WandoDocs
Home
Sign in
Overview

Single sign-on

  • Microsoft Entra ID
  • Google Workspace
  • Google Workspace (OIDC)
  • OktaOkta
  • Auth0
  • Generic OIDC

SCIM provisioning

  • Microsoft Entra ID
  • OktaOkta
  • Auth0

More provider guides are added as we ship them. Need one we don't cover? hej@wando.app

Browse all guides
Overview

Single sign-on

  • Microsoft Entra ID
  • Google Workspace
  • Google Workspace (OIDC)
  • OktaOkta
  • Auth0
  • Generic OIDC

SCIM provisioning

  • Microsoft Entra ID
  • OktaOkta
  • Auth0
© 2026 WandoDocs are continuously updated as the product ships.
Wando docs

Setup and configuration guides

Short, opinionated walkthroughs for plugging Wando into the identity providers your IT team already runs. Every guide ends with the exact values to paste into the Wando admin.

Single sign-on

Wire up an identity provider

Pick the protocol your identity provider speaks. SAML is metadata-first with no client secret to rotate; OpenID Connect covers everything with an OAuth app registration.

SAML 2.0

Recommended where available — one metadata document to exchange, certificate rollover handled automatically.

  • Microsoft Entra ID

    ~10 minSAML

    Set up SAML single sign-on for Microsoft 365 with Microsoft Entra ID (formerly Azure AD). Once configured, members of your organisation sign in to Wando with their Microsoft account — no separate password, and no client secrets that expire.

  • Google Workspace

    ~10 minSAML

    Set up SAML single sign-on with Google Workspace. Google hands you one metadata file that tells Wando everything it needs — no OAuth client to register and no client secret to rotate.

OpenID Connect

An OAuth client with an ID and secret. The generic guide covers any standards-compliant provider.

  • Google Workspace (OIDC)

    ~10 minOIDC

    Sign in with Google accounts through OpenID Connect: an OAuth 2.0 client in Google Cloud Console, with Wando handling the rest via standard OIDC discovery. Most organisations should prefer the Google Workspace SAML guide — it needs no client secret.

  • Okta

    Okta

    ~10 minOIDC

    Configure OpenID Connect sign-in against Okta. Create a Web Application integration, point it at Wando's callback URL, then assign the users or groups who should be able to sign in.

  • Auth0

    ~8 minOIDC

    Use Auth0 as the identity provider for an organisation. You'll register a Regular Web Application, set the callback URL to Wando, and copy the tenant credentials over.

  • Generic OIDC

    ~10 minOIDC

    For any OpenID Connect 1.0 provider not covered by a dedicated guide — Keycloak, Authelia, Ping Identity, Curity, JumpCloud, OneLogin, and others. The steps below are the universal shape; consult your provider's docs for the exact menu labels.

SCIM 2.0 provisioning

Sync members from your directory

Push users and groups from your IdP so Wando members and roles stay in lockstep with your source of truth.

  • Microsoft Entra ID

    ~15 min

    Provision members from Entra ID into Wando automatically. Entra pushes user and group changes to Wando's SCIM 2.0 endpoint over a bearer token, and Wando maps groups to roles.

  • Okta

    Okta

    ~15 min

    Provision members from Okta into Wando over SCIM 2.0. Okta pushes user lifecycle events (create / update / deactivate) and group assignments to Wando's SCIM endpoint, and Wando maps groups to roles.

  • Auth0

    ~5 min

    Auth0 does not push SCIM to downstream applications — its SCIM 2.0 support is inbound only (a way for an upstream IdP to provision users *into* Auth0). Pick one of the options below depending on where your user directory actually lives.

Missing a provider?

The Generic OIDC guide covers any standards-compliant IdP. If you want a dedicated walkthrough for your provider, get in touch at hej@wando.app.