SSO Overview
SecureCodingHub supports Single Sign-On via OpenID Connect (OIDC) and SAML 2.0. SSO lets your team sign in with their corporate identity provider — no separate passwords needed.
Supported Protocols
SecureCodingHub supports two industry-standard SSO protocols:
OIDC (OpenID Connect)
Modern OAuth 2.0 based protocol. Recommended for Azure AD, Okta, and most cloud identity providers. Uses authorization code flow with PKCE.
SAML 2.0
XML-based federation protocol. Supported for legacy identity providers and enterprise environments.
How SSO Works
When SSO is configured for your organization, the login flow works as follows:
User navigates to SecureCodingHub login
Enters their email — system detects SSO is configured for their org domain
Browser redirects to your identity provider (Azure AD, Okta, etc.)
User authenticates with corporate credentials
IdP redirects back to SecureCodingHub with auth token
SecureCodingHub creates a session and logs the user in
JIT Provisioning
When SSO is enabled, users are automatically created on first login — this is called Just-In-Time (JIT) provisioning. New users are assigned the Learner role by default. Your organization must have available seats for new users to be provisioned.
Configuration URLs
Use the following URLs when configuring your identity provider:
| Setting | Value |
|---|---|
| OIDC Callback URL | https://api.securecodinghub.com/api/sch/auth/sso/callback/oidc |
| SAML ACS URL | https://api.securecodinghub.com/api/sch/auth/sso/callback/saml |
| SP Metadata URL | https://api.securecodinghub.com/api/sch/auth/sso/metadata |