In this article


For customers on the Premium Plan, admins can optionally connect their SSO service provider and enforce in-VR authentication on a per group basis. This can be enforced on devices and groups across all launch methods: ArborXR Home, Kiosk Mode, or Device Home Environment.

Regardless of which launch method is configured, the login screen will open upon powering on the device and users will not be able to gain access to the device until they authenticate.

💡Google Workspace, Azure Active Directory, Salesforce, and any SSO providers offering OAuth 2.0 support are supported.

Configuration Requirements

For admins with the required permissions, both in ArborXR and in the SSO service provider, the SSO service provider's details can be configured in ArborXR within Settings > Authentication In-Headset.

Below are links to documentation detailing the configuration requirements for all supported SSO service providers:

Enforce SSO on Devices & Groups

Once the SSO provider's details have been configured in Settings:

  1. Navigate to a device or a group on which you would like to enforce SSO.

  2. Select the Settings tab.

  3. Select Security from the sub navigation menu.

  4. Check the Enable Authentication In-Headset box.

  5. Optionally check the Enable Guest Access box.

    ⚠️ Enabling guest access is critical if devices will be used offline. If SSO is enforced but the device is not connected to WiFi, users will not have a way to get past the SSO login screen unless guest access is enabled.

  6. Click Save.

Logout Behavior

End users can logout by

  1. Selecting the logout icon in ArborXR Home which can be found:

    • To the right of ArborXR Home's app menu, for devices configured to ArborXR Home

    • In ArborXR's quick access menu (which opens on pressing the home button on the controller or on the headset), for devices configured to Kiosk Mode.

  2. Powering off the device.

  3. Setting aside the device 1 hour or longer (idle).

Did this answer your question?