# SSO Authenticator

## Introduction

The SSO authenticator is responsible for checking that a user is logged in and then redirect the user.  It must NOT be placed in a chain. Used in a SSO scenario.

## Configuration

{% hint style="info" %}
**Authenticator type:** `SSOAuthenticator`
{% endhint %}

Common Authenticator configuration can be found [here](https://docs.fortifiedid.se/access/authenticators/common-configuration).

{% tabs %}
{% tab title="Properties" %}

<table><thead><tr><th width="223">Name</th><th width="195">Description</th><th width="146">Default</th><th data-type="checkbox">Mandatory</th></tr></thead><tbody><tr><td><code>pipe_id</code></td><td>The pipe reference. The pipe is commonly used to extract data needed for the redirect.</td><td><code>N/A</code></td><td>true</td></tr><tr><td><code>redirect_url</code></td><td>The url to redirect to after the pipe is finished. Expandable.</td><td><code>N/A</code></td><td>true</td></tr><tr><td><code>identifier</code></td><td>Used to find the authenticated user.   Expandable.</td><td><code>${session.identifier}</code></td><td>false</td></tr><tr><td><code>failure_location</code></td><td>The target location to where the user agent will be redirected when user is not authenticated. </td><td><code>N/A</code></td><td>false</td></tr></tbody></table>
{% endtab %}

{% tab title="Example" %}

```json
{
    "id": "tsplus",
    "type": "SSOAuthenticator",
    "config": {
        "pipe_id": "tsplus",
        "identifier": "${session.identifier}",
        "redirect_url": "https://www.app.com/?server=${exports.server_name}&ticket=${exports.ticket}",
        "base_path": "/access/authn",
        "failure_location": "http://www.mycompany.com/errorpage"
    }
}
```

{% endtab %}
{% endtabs %}