Submit a ticket My Tickets
Welcome
Login  Sign up

SAML/SSO General User Guide

This documentation describes the SAML Single Sign-on feature guide for the account/user. The document includes detailed steps for activating the SAML SSO feature, information about permissions that can affect access to this feature as well as configuration steps for Azure AD, Google Workspace, OneLogin, JumpCloud, and Okta identity providers. 

To get access to the SAML Single Sign-on for the account/user, the following steps should be completed:

  1. The subscription plan should support SAML Single Sign-on  

  2. The account should be active

  3. The super admin of the account and users should be active

Steps for configuration SAML Single Sign-on

  1. Login to the main user’s account

  2. Go to the settings and click the SAML Single Sign-on

  3. Click the Connect Identity Provider button

  4. On the opened page type the connection name 

  1. Copy the Assertion Consumer Service URL and add it to IdP app configuration page

  2. Download the SAML metadata from IdP after adding the ACS and Entity ID URLs

  3. Upload the downloaded metadata to the platform or paste the metadata link to complete the configuration process

  4. Enable or Disable the "Force IdP Re-authentication" option

  5. Enable or Disable "Prepopulate the User Email Address"

  6. Click the Create Connection button 

  7. Your connection is created!

Steps to sign in via SAML SSO

  1. Navigate to the Sign-in page and click the Sign-in with SSO link

  1. Enter your email address and click the Continue button 

  1. You will be redirected to the IdP side to provide the username and password 

  1. After passing the authentication on the IdP side you will be  redirected to your account on our platform 

Prepopulate User Email Address

If a user in IdP has a distinct username and a primary email address, ensure that the "Prepopulate user email address" option is unchecked in PowerDMARC.

Here's the recommended configuration for this scenario:

Example in Okta: Login with a username.

  1. Navigate to your Directory > People 

  2. Click on “Add person”, fill in all the required fields, and click on Save

  1. After creating your users, proceed to create an application

During the APP creation on Okta, ensure the following settings are chosen:

 

  1. On PowerDMARC, during the creation of an SSO connection, ensure to disable "Prepopulate user email address"

Note: Configuring attribute statements on IdP and disabling "Prepopulate user email address" on PowerDMARC allows you to sign in via SSO to your account when your primary email and username email differ on Okta IdP. Verify that your Okta user's primary email address is added to PowerDMARC as well.

Force IdP Re-authentication

This allows enabling/disable a forced Re-authentication during signing-in via SSO. When the checkbox for “Configure IdP Session Management for Forced Re-authentication” is disabled in this section, it provides the ability to the IdP to keep your session active.

We have dedicated, detailed guides for each of these IdPs, you can find them below: 


1. OneLogin SSO Setup Guide 

2. Azure AD SSO Setup Guide 

3. Google Workspace SSO Setup Guide 

3. JumpCloud SSO Setup Guide 

4. Okta SSO Setup Guide 


Contact us for further information or assistance! 

P
PowerDMARC is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.