SAML SSO User Guide

Description:

This document is the SAML Single-sign-on guide for the account/user. It covers the detailed steps for activating the DMARC SSO feature, the permissions that can affect access to this feature, and the configuration steps for the Azure AD, Google Workspace, Onelogin, Jump Cloud, and Okta identity providers.

To get access to SAML Single-sign-on for the account/user, the following conditions must be met:

  1. The subscription plan should support SAML Single-sign-on  

  2. Account is active

  3. Super admin of account and users are active

 

Steps for configuring SAML Single-sign-on with the Onelogin identity provider:

  1. Log in to the main user’s account

  2. Go to the settings and click the SAML Single-Sign-on

  3. Click the Connect Identity Provider button

  4. On the opened page, type the connection name

  5. Copy the Assertion Consumer Service URL and add it to the Onelogin app configuration page

Note: Onelogin IdP requires only the ACS URL, so there is no need to provide the Entity ID URL.

  6. Download the SAML metadata from the IdP after adding the ACS URL

  7. Upload the downloaded metadata to the platform in order to complete the configuration process

  8. Click the Create Connection button

  9. Your connection is created!


Note: Make sure your users are assigned to your application.

After the connection is created, the main user of the account and the sub-users can sign in via SAML SSO.

Note:

You can specify the domains that will be used to sign in via SAML SSO. For instance, if you add gmail.com, only the email addresses registered on the platform and on the IdP side which include gmail.com will be allowed to sign in via SSO. If no domains are added, all your email addresses will be allowed to sign in via the SAML connection.

 

Steps for sign-in via SAML SSO:

Before signing in via SAML SSO, make sure your users are added on both our platform and the IdP side and that their email addresses are the same on both sides.

  1. Navigate to manage user in our platform

  2. Edit the user and switch the toggle to ON

  3. Navigate to the Sign in page and click the Sign in with SSO link

  4. Enter your email address and click the Continue button

  5. You will be redirected to the Onelogin side to provide the username and password

  6. After passing the authentication on the Onelogin side, you will be redirected to your account on our platform

Note: After enabling SAML SSO, the main user of the account can sign in using SAML SSO, credentials, or OAuth. However, sub-users can only sign in using SAML SSO if it is enabled for them by the toggle. They cannot sign in using credentials or OAuth when SAML is enabled for them.

Adding a new user to the account with the SAML SSO toggle turned ON:

While adding a new user to your account, you can switch the SSO toggle to ON and provide only the email address. Take into consideration that the password will not be specified and the user will be able to sign in only using the SAML SSO connection.

Steps for configuring SAML Single-sign-on with the Azure AD identity provider:

  1. Log in to the main user’s account

  2. Go to the settings and click the SAML Single-Sign-on

  3. Click the Connect Identity Provider button

  4. On the opened page, type the connection name

  5. Copy the Entity ID and Assertion Consumer Service URL and add them to the Azure AD Set up Single Sign-On with SAML page

  6. Once the URLs are added on the Azure AD portal, save changes and download the metadata from the Azure AD portal

Note: Make sure your users are assigned to your application.

  7. Upload the downloaded metadata to the platform in order to complete the configuration process

  8. Click the Create Connection button

  9. Your connection is created!

Steps for configuring SAML Single-sign-on with the Google identity provider:

  1. Log in to the main user’s account

  2. Go to the settings and click the SAML Single-Sign-on

  3. Click the Connect Identity Provider button

  4. On the opened page, type a connection name

  5. Copy the Entity ID and Assertion Consumer Service URL and add them to the Google Workspace Service provider details page

Note: Make sure your users are assigned to your application.

  6. Once URLs are added on the Azure AD portal, save changes and download the metadata from Azure AD portal

  7. Upload the downloaded metadata to the platform in order to complete the configuration process

  8. Click the Create Connection button

  9. Your connection is created!

Steps for configuring SAML Single-sign-on with the Jump Cloud identity provider:

  1. Log in to the main user’s account

  2. Go to the settings and click the SAML Single-Sign-on

  3. Click the Connect Identity Provider button

  4. On the opened page, type the connection name

  5. Copy the Entity ID and Assertion Consumer Service URL and add them to the Single Sign-On Configuration section on the Jump Cloud

Note: Jump Cloud IdP requires the Entity ID URL to be entered in two fields: IdP Entity ID and SP Entity ID.

Note: Make sure your users are assigned to your application.

  6. Once the URLs are added on the Jump Cloud, save changes and export the metadata

  7. Upload the exported metadata to the platform in order to complete the configuration process

  8. Click the Create Connection button

  9. Your connection is created!

Steps for configuring SAML Single-sign-on with the Okta identity provider:

  1. Log in to the main user’s account

  2. Go to the settings and click the SAML Single-Sign-on

  3. Click the Connect Identity Provider button

  4. On the opened page, type the connection name

  5. Copy the Entity ID and Assertion Consumer Service URL and add them to the Okta IdP

Note: Make sure your users are assigned to your application.

  6. Once the URLs are added on the Okta and app creation is completed, the metadata information will be available

  7. Copy the link provided by Okta and paste it into the appropriate field on our portal

  8. Click the Create Connection button

  9. Your connection is created!

PowerDMARC is the author of this solution article.
