Single Sign On

Titanium has SSO capability for user authentication ready to go. It will work with any software authentication product that supports OpenID Connect (ODIC) or with Windows Authentication. You should contact your IT group to obtain the information required to activate the feature.

The Titanium log in screen will change during this process, so you should notify staff to choose the local authentication option until the configuration settings have been confirmed and tested.

1. If your database was installed prior to November 2025, email Support@TitaniumSoftware.com to request the script to run against your database.

5. Choose the "Single Sign On or Local Authentication" from the pull down menu. This will allow users to continue to use the previously entered Titanium user names and passwords until single sign on is fully configured and functional.

6. Choose the SSO authentication method (OpenID Connect or Windows Integrated Authentication).

7. For Windows Authentication, choose the option from the pull down menu. Click Save.

8. For OpenID Connect, enter the settings provided by your IT group and click Save:

o	Identity provider sign in URL: This is the website where users will complete authentication into the University network (Note: An identity provider is the software the University has chosen to use for network authentication.)

Login Redirect URL: This is the location where the identity provider will send a token that will be used for future logins. This might be the user's local work station, or another location set by your IT group. (Note: http://127.0.0.1:7890 is commonly used. But the value must match whatever your IT group set up.)

o	Client ID: This is the number that IT has set up for the Titanium application to use single sign on.

o	Client Secret: This is the password associated with the client ID.

o	Scope: This is the location of the user information in the identity provider's system. Add offline_access after the value provided by your IT group, or users will have to authenticate every time they log in. (Note: Common options are OpenID email and OpenID Profile.)

o	User Identity Claim Type: This is the identity that the user will enter when authenticating. (Note: This value is often Email.)

The remaining settings should be left as the defaults, unless directed by your IT group.

11. For each user, enter their single sign on user identity in the SSO User Identity field.

16. When your workstation browser opens, authenticate into the University network. (Note: If you are unable to complete authentication, it is likely that your IT group didn't provide the correct configuration information or the information was entered incorrectly. Log into Titanium using the local log in option with your user name and password, and contact your IT group to double check the configuration settings.)

17. When Titanium opens, navigate to Settings > System Settings > User Authentication Settings button. Choose the desired Authentication Type from the pull down menu and click Save.

o	Local authentication: This is the default setting. If this setting is chosen, users log into Titanium directly with a Titanium user name and password issued by a center administrator.

o	Single sign on: Users will authenticate into the university network one time. Then when they double click on the Titanium icon in the future, they will automatically be logged in.

o	Single sign on or local authentication: On the Titanium log in screen, users will choose whether to authenticate into the university network, or log into Titanium directly with a Titanium user name and password issued by a center administrator.

o	Single sign on and local authentication: Users have to authenticate into the university network first, and then log into Titanium with a Titanium user name and password issued by a center administrator.