VyOS Networks Blog

After introducing Single Sign-On (SSO) for VyOS services, we received a number of questions about how it works in practice. This follow-up post explains what SSO is, how it relates to your existing VyOS accounts, and what to keep in mind when using it day to day. For rollout dates and migration details, please refer to our initial SSO announcement.

VyOS service accounts and SSO: how they fit together

VyOS operates several different services, such as the Support Portal, Community Forum, and Issue Tracker. Each of these services keeps its own user database with its own fields and properties. For example, the Support Portal stores information about which organization a user belongs to, while the Issue Tracker focuses on issue-related data and does not need those organizational details.

These per-service records are the service accounts. They live inside each individual service and determine what you can do there: which tickets you see, which forum areas you can post in, which issues you can manage, and so on.

The SSO service is different. It stores only a minimal set of information needed to identify and authenticate you as a person. During login, its job is essentially to answer a single question for a VyOS service: “Who is this user?”.

SSO handles the authentication step. After that, the service you are trying to access uses your existing service account and its internal permissions to decide what you are allowed to do.

Because SSO and the service accounts are separate, a few practical things follow:

• You can have different usernames or display names on different services, while they are all linked to the same SSO identity through your email address.

• Creating or updating an SSO account does not automatically create accounts in every VyOS service. Those service accounts are still created and managed separately, for example, when your organization onboards you to the Support Portal.

• When you log in or out of one service, the action applies only to that service. Your SSO session or sessions in other services are not affected.

Authentication methods and security

One of the biggest advantages of SSO is that it allows us to support modern authentication methods in a consistent way across services.

You may already have seen or used options such as logging in with Google or GitHub, passwordless login, passkeys, hardware security tokens, or one-time passwords delivered via email or SMS. SSO is the place where these methods are plugged in and combined.

This means we can offer more convenient login options while still enforcing strong security policies. For example, in line with current best practices and modern security standards, VyOS requires a second authentication factor for SSO logins. This extra step significantly improves the protection of your accounts without tying you to a single authentication method.

One account for one person

In the past, it was common for teams to share a single login for a tool or portal. With today’s security requirements and compliance frameworks, that approach is no longer acceptable.

Each VyOS SSO account is meant to represent one real person, not a team or an entire organization. This makes it easier to understand who performed a specific action, improves auditing and logging, and helps us comply with modern standards and regulations.

Your organization is not limited in how many accounts it can have. If several people in your team need access to VyOS services, the right approach is to register each person with their own SSO account and then grant them appropriate access in the relevant services.

Practical tips for daily use

Once SSO is in place, it helps to adjust how you think about login and account management.

Password reset and account changes

Because authentication is now handled centrally by SSO, your SSO credentials are the primary way to access VyOS services.

If you used a built-in “reset password” feature in a particular service in the past, you should now use the password reset option on the SSO login page instead. Changing or resetting your SSO password applies to all VyOS services that use SSO for login, so you only need to do this once.

Email addresses and multiple accounts

If you used different email addresses for different VyOS services in the past, you may now have more than one SSO account, each linked to a different set of service accounts. This is expected behavior and follows the migration rules described in our initial SSO announcement.

If you are unsure which account to use, or you log in and do not see the data or permissions you expect (for example, missing support tickets or forum history), contact support@vyos.io and include the email addresses you may have used. In many cases, we can help you choose the right primary account and adjust access where appropriate.

Profile data: what lives where

Some of your personal information is stored in SSO itself, such as your primary email address and basic identity data. Other details remain specific to individual services, such as your forum display name, avatar, or notification settings. When you update profile information, changes may affect only SSO or only a particular service, depending on where you make them.

Services that are not yet connected to SSO

SSO is already used for the most critical VyOS services. Some external platforms, however, still use their own authentication.

For example, if you are part of our Slack community, you will continue to log in directly via Slack rather than through VyOS SSO. Over time, we may connect more services to SSO, but some third-party platforms will always rely on their own login systems.

Different login screens

Depending on the service, you may still see a traditional username and password form. There will also be a link or button to log in via SSO.

This password-based login inside individual services is a transitional option only. It will be disabled on December 2.

Whenever you see an option such as “Log in with SSO”, that is the method you should choose for your VyOS identity. Where SSO is available, it is the preferred and supported way to access VyOS services, both during the transition and afterwards.

Access and permissions inside services

SSO confirms who you are, but it does not define what you can do in a specific service.

It is possible to log in successfully with SSO and still not have access to certain resources or areas within a service. In that situation, your SSO account is working correctly, but your permissions within that particular service may need to be adjusted by an organization administrator or by the VyOS Support Team.

Need help?

If anything about SSO, access, or permissions is unclear, or if you run into issues signing in, we are ready to help.

You can contact our Support Team at support@vyos.io. Please mention which service you are trying to access, the email address you use to log in, and any issues you have. This will help us solve the issue more quickly.

Thank you for using VyOS and for taking the time to get familiar with the new SSO experience.