Upsales administrators can let users sign in without a password, using other identity providers like Google or Duo.
This capability is known as single sign-on (SSO) and is made possible by the Security Assertion Markup Language (SAML). SAML is a standard for user authentication (or proving the user's identity) and authorization (confirming the user's access rights). Upsales uses SAML 2.0.
This article covers:
- How to obtain identity provider credentials
- How to set up SSO in Upsales
- How to connect with your identity provider
- How to activate SSO in Upsales
Note: Only users with Administrator access can set up SAML and single sign-on.
How to obtain identity provider credentials
Upsales supports authentication via SAML identity providers including:
- Active Directory/Azure Active Directory
- Google Apps
- Duo
- OneLogin
- Auth0
Before activating SSO in Upsales, you’ll need to retrieve the following information from your identity provider:
- The identity provider certificate
- The remote login URL
- The remote logout URL (optional)
How to set up SSO in Upsales
- Click Settings → Account → Security → Single sign-on:
- Scroll to the Add certificate field. Enter the certificate text you got from your identity provider:
- (optional) Enter the Login URL and Logout URL from your identity provider. This is where users are redirected:
- Click Save
Next, you’ll need to set up the connection with your identity provider.
How to connect with your identity provider
Upsales requires that the users’ email is bound to Name ID, which is set up with the identity provider.
The SSO screen includes a metadata.xml file that you can download to speed up the connection with some providers.
Your identity provider can advise on how to connect your Upsales SAML.
How to activate SSO in Upsales
Once the connection is set up, you're ready to activate SSO in Upsales.
Before enabling SSO, save the URL at the bottom of the SSO screen and store it in a secure location.This is an emergency URL that allows the administrator to bypass the SAML log in if the identity provider is down or is not functioning correctly. Important: After activation, the ability to login with a password will be deactivated for all users in the organisation. Users will be authenticated via SAML instead.
- Click Settings → Account → Security → Single sign-on:
- Click the Use Single Sign-on toggle on:
- Click Save to complete your SSO set-up