Description:
This document is a guide to the SAML Single-sign-on feature for the account/user. It includes detailed steps for activating the DMARC SSO feature, information about permissions that can affect access to this feature, and configuration steps for the Azure AD, Google Workspace, OneLogin, JumpCloud, and Okta identity providers.
To get access to SAML Single-sign-on for the account/user, the following requirements should be met:
The subscription plan should support SAML Single-sign-on
The account is active
The super admin of the account and the users are active
Steps for configuring SAML Single-sign-on with the OneLogin identity provider:
Log in to the main user’s account
Go to the settings and click the SAML Single-Sign-on
Click the Connect Identity Provider button
On the opened page type the connection name
Copy the Assertion Consumer Service URL and add it to the OneLogin app configuration page
Note: The OneLogin IdP requires only the ACS URL, so there is no need to provide the Entity ID URL.
Download the SAML metadata from the IdP after adding the ACS URL
Upload the downloaded metadata to the platform in order to complete the configuration process
Click the Create Connection button
Your connection is created!
Note: Make sure your users are assigned to your application.
After the connection is created, the main user of the account and the sub-users can sign in via SAML SSO.
Note:
You can specify the domains that will be used to sign in via SAML SSO. For instance, if you add gmail.com, only the email addresses registered on the platform and on the IdP side which include gmail.com will be allowed to sign in via SSO. If no domains are added, all your email addresses will be allowed to sign in via a SAML connection.
Steps for sign-in via SAML SSO:
Before signing in via SAML SSO, make sure your users are added on both our platform and the IdP side and that their email addresses are the same on both sides.
Navigate to manage user on our platform
Edit the user and switch the toggle to ON
Navigate to the Sign in page and click the Sign in with SSO link
Enter your email address and click the Continue button
You will be redirected to the OneLogin side to provide the username and password
After passing authentication on the OneLogin side, you will be redirected to your account on our platform
Note: After enabling SAML SSO, the main user of the account can sign in using SAML SSO, credentials, or OAuth. However, sub-users can only sign in using SAML SSO if it's enabled for them by the toggle. They cannot sign in using credentials or OAuth when SAML is enabled for them.
Adding a new user to the account with the SAML SSO toggle turned ON.
While adding a new user to your account, you can switch the SSO toggle to ON and provide only the email address. Take into consideration that the password will not be specified and the user will be able to sign in only using the SAML SSO connection.
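Because sub-users with the toggle ON cannot fall back to credentials or OAuth, a mismatch between the two user lists or the domain list locks them out. The audit below is an added example, not platform code. The function name, input shapes and sample addresses are constructed, and it assumes an exact domain match after the "@"; how the platform compares letter case is not stated, so case-only differences are flagged for review.

```python
def domain_of(email):
    """Part after the last '@', lower-cased."""
    return email.rpartition("@")[2].lower()

def sso_lockout_audit(platform_users, idp_emails, allowed_domains=()):
    """platform_users maps email -> True if the SSO toggle is ON for that user.

    Returns {email: reason} for SSO-only users who may be unable to sign in.
    An empty allowed_domains means no domain restriction is configured.
    """
    idp_exact = {e.strip() for e in idp_emails}
    idp_folded = {e.lower() for e in idp_exact}
    domains = {d.strip().lower() for d in allowed_domains}
    blocked = {}
    for email, sso_on in platform_users.items():
        email = email.strip()
        if not sso_on:
            continue  # this user still signs in with credentials or OAuth
        if domains and domain_of(email) not in domains:
            blocked[email] = "domain not in the SSO domain list"
        elif email in idp_exact:
            continue  # same address on both sides
        elif email.lower() in idp_folded:
            blocked[email] = "differs from the IdP address only by letter case"
        else:
            blocked[email] = "no matching address on the IdP"
    return blocked

# Constructed sample data (example.com / example.org are placeholder domains).
PLATFORM_USERS = {
    "admin@example.com": False,   # main user, SSO toggle OFF
    "alice@example.com": True,
    "Bob@example.com": True,
    "carol@example.org": True,
    "dave@example.com": True,
}
IDP_EMAILS = ["alice@example.com", "bob@example.com", "carol@example.org"]

if __name__ == "__main__":
    report = sso_lockout_audit(PLATFORM_USERS, IDP_EMAILS, ["example.com"])
    for user, reason in report.items():
        print(f"{user}: {reason}")
```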
Steps for configuring SAML Single-sign-on with the Azure AD identity provider:
Log in to the main user’s account
Go to the settings and click the SAML Single-Sign-on
Click the Connect Identity Provider button
On the opened page, type the connection name
Copy the Entity ID and Assertion Consumer Service URL and add them to the Azure AD Set up Single Sign-On with SAML page
Once the URLs are added on the Azure AD portal, save the changes and download the metadata from the Azure AD portal
Note: Make sure your users are assigned to your application.
Upload the downloaded metadata to the platform in order to complete the configuration process
Click the Create Connection button
Your connection is created!
Steps for configuring SAML Single-sign-on with the Google identity provider:
Log in to the main user’s account
Go to the settings and click the SAML Single-Sign-on
Click the Connect Identity Provider button
On the opened page, type a connection name
Copy the Entity ID and Assertion Consumer Service URL and add them to the Google Workspace Service provider details page
Note: Make sure your users are assigned to your application.
Once URLs are added on the Azure AD portal, save changes and download the metadata from Azure AD portal
Upload the downloaded metadata to the platform in order to complete the configuration process
Click the Create Connection button
Your connection is created!
Steps for configuring SAML Single-sign-on with the JumpCloud identity provider:
Log in to the main user’s account
Go to the settings and click the SAML Single-Sign-on
Click the Connect Identity Provider button
On the opened page, type the connection name
Copy the Entity ID and Assertion Consumer Service URL and add them to the Single Sign-On Configuration section on JumpCloud
Note: The JumpCloud IdP requires the Entity ID URL to be entered in two fields: IdP Entity ID and SP Entity ID.
Note: Make sure your users are assigned to your application.
Once the URLs are added on JumpCloud, save the changes and export the metadata
Upload the exported metadata to the platform in order to complete the configuration process
Click the Create Connection button
Your connection is created!
Steps for configuring SAML Single-sign-on with the Okta identity provider:
Log in to the main user’s account
Go to the settings and click the SAML Single-Sign-on
Click the Connect Identity Provider button
On the opened page, type the connection name
Copy the Entity ID and Assertion Consumer Service URL and add them to the Okta IdP
Note: Make sure your users are assigned to your application.
Once the URLs are added in Okta and app creation is completed, the metadata information will be available
Copy the link provided by Okta and paste it into the appropriate field on our portal
Click the Create Connection button
Your connection is created!