Short, opinionated walkthroughs for plugging Wando into the identity providers your IT team already runs. Every guide ends with the exact values to paste into the Wando admin.
Pick the protocol your identity provider speaks. SAML is metadata-first with no client secret to rotate; OpenID Connect covers everything with an OAuth app registration.
Recommended where available — one metadata document to exchange, certificate rollover handled automatically.
~10 minSAML
Set up SAML single sign-on for Microsoft 365 with Microsoft Entra ID (formerly Azure AD). Once configured, members of your organisation sign in to Wando with their Microsoft account — no separate password, and no client secrets that expire.
~10 minSAML
Set up SAML single sign-on with Google Workspace. Google hands you one metadata file that tells Wando everything it needs — no OAuth client to register and no client secret to rotate.
An OAuth client with an ID and secret. The generic guide covers any standards-compliant provider.
~10 minOIDC
Sign in with Google accounts through OpenID Connect: an OAuth 2.0 client in Google Cloud Console, with Wando handling the rest via standard OIDC discovery. Most organisations should prefer the Google Workspace SAML guide — it needs no client secret.
~10 minOIDC
Configure OpenID Connect sign-in against Okta. Create a Web Application integration, point it at Wando's callback URL, then assign the users or groups who should be able to sign in.
~8 minOIDC
Use Auth0 as the identity provider for an organisation. You'll register a Regular Web Application, set the callback URL to Wando, and copy the tenant credentials over.
~10 minOIDC
For any OpenID Connect 1.0 provider not covered by a dedicated guide — Keycloak, Authelia, Ping Identity, Curity, JumpCloud, OneLogin, and others. The steps below are the universal shape; consult your provider's docs for the exact menu labels.
Push users and groups from your IdP so Wando members and roles stay in lockstep with your source of truth.
~15 min
Provision members from Entra ID into Wando automatically. Entra pushes user and group changes to Wando's SCIM 2.0 endpoint over a bearer token, and Wando maps groups to roles.
~15 min
Provision members from Okta into Wando over SCIM 2.0. Okta pushes user lifecycle events (create / update / deactivate) and group assignments to Wando's SCIM endpoint, and Wando maps groups to roles.
~5 min
Auth0 does not push SCIM to downstream applications — its SCIM 2.0 support is inbound only (a way for an upstream IdP to provision users *into* Auth0). Pick one of the options below depending on where your user directory actually lives.
The Generic OIDC guide covers any standards-compliant IdP. If you want a dedicated walkthrough for your provider, get in touch at hej@wando.app.