There are many SSO providers from which to choose for PI authentication. We can determine the best choice for customers from a few different options.
- Microsoft Office 365
- Azure AD
- SAML 2.0
- Other providers
Keep it simple with one question. What method is used to sign in to other cloud applications? That is usually the answer for your PI authentication. An exception might be that most of your applications use a legacy method and your organization is migrating to something else. For example, you use SAML 2.0 for most applications and there's been a more recent decision to standardize on Microsoft Office 365.
Microsoft Office 365
Microsoft Office 365 is often the easiest. If it's already configured for your organization's Office applications, it can work in just a few minutes with some simple settings in PI and the Office 365 portal.
The Azure AD configuration has more complex options than the Office 365 SSO. For example, you can choose which AD users can set up their own default user profile in PI without having PI user administrators add each new user. An AD group(s) is configured with access to PI so that only AD users with that group membership are accepted as new users on attempt to login to PI.
SAML 2.0 is most common for organizations which do not use a specific cloud platform for SSO, such as the two referenced above from Microsoft. For example, if Shibboleth is your organization's SSO requirement, SAML 2.0 can fit that requirement as well as many others.
SSO is available from other providers such as Google and Facebook. These are most commonly used in small office, home office environments with few users not associated with a larger corporation. Independent sign-ups for our PI#team services will often choose to use these other providers to login through cloud accounts they regularly sign into at the start of each work day.