Single Sign-On (SSO) with SAML
Note that you'll only see this section if you have Admin or Owner user permissions. Learn more about permissions in this article.
Overview
SAML (Security Assertion Markup Language) is an open standard for authentication and authorization between a service provider and an identity provider and is commonly used to implement a single sign-on (SSO) service. By using this SSO service, there is no need to type in credentials or remember passwords.
Authentication - The service provider agrees to trust the identity provider to authenticate users.
Authorization - Upon request, the identity provider generates an authentication assertion. This means that the user has been successfully authenticated, and the service provider can grant the user access to certain systems or content.
Enable Onum as a service provider
If you're an admin user, follow these steps to activate SAML authentication for the users in your tenant:
Open the global settings menu by clicking your user icon at the bottom left of the screen.
Click any of the options and select Authentication in the menu that appears.
Once there, click the Configure Single-Sign-On button.


Choose SAML in the Authentication method field. You'll be prompted to enter the following information provided by your identity provider:
IdP Entity ID*
A globally unique identifier for your Identity Provider (IdP). It lets the Service Provider know which IdP is trying to authenticate users. This is usually a URL (e.g., https://idp.example.com/metadata) or a URN (e.g., urn:example:idp).
Single Sign-On URL*
The actual endpoint on the IdP where authentication requests are sent. When a user tries to log in, the SP redirects their browser to this URL so the IdP can handle the login. This is always an HTTPS URL (e.g., https://idp.example.com/idp/profile/SAML2/Redirect/SSO).
Certificates
A public X.509 certificate provided by the IdP. The Service Provider uses it to verify that the SAML responses and assertions originated from your IdP and haven’t been tampered with. It must be a PEM-encoded certificate block like:
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEbEwYpzANBgkqhkiG9w0BAQsFAD...
-----END CERTIFICATE-----


Click Save once you're done. You'll be given a Callback URL.
This is the endpoint on the Service Provider (the app you’re integrating) that receives the SAML response from your IdP after a user logs in. You'll need to paste the Callback URL into the application’s configuration. This ensures the IdP sends login responses back to the correct Service Provider endpoint.
You have now set up Single Sign-On authentication in your tenant. You can click Reset configuration if you made a mistake or need to update any information.
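The three IdP values requested above can be checked before you click Save. The following Python sketch is an added example, not part of Onum's product or documentation; the function names are hypothetical, and the sample certificate is a constructed stand-in rather than a real one. It catches a non-HTTPS Single Sign-On URL and a truncated or damaged certificate paste, and returns the certificate's SHA-256 fingerprint.

```python
import base64, binascii, hashlib, re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"\A\s*-----BEGIN CERTIFICATE-----\s+(.+?)"
                    r"\s+-----END CERTIFICATE-----\s*\Z", re.S)

def pem_to_der(pem):
    """Decode exactly one PEM CERTIFICATE block, rejecting damaged pastes."""
    m = PEM_RE.match(pem)
    if not m:
        raise ValueError("expected one BEGIN/END CERTIFICATE block")
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except binascii.Error:
        raise ValueError("body is not valid base64 (truncated paste?)") from None
    # A certificate is a DER SEQUENCE (tag 0x30) whose declared length must
    # account for every decoded byte; otherwise data was lost or appended.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] >= 0x80 else 0   # count of length bytes
    length = der[1] if der[1] < 0x80 else int.from_bytes(der[2:2 + n], "big")
    if der[1] == 0x80 or 2 + n + length != len(der):
        raise ValueError("DER length does not match the decoded size")
    return der

def _split(value):
    try:
        return urlsplit(value)
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return urlsplit("")

def check_saml_settings(entity_id, sso_url, cert_pem):
    """Return (problems, SHA-256 fingerprint or None) for the three IdP values."""
    problems, fingerprint = [], None
    eid = _split(entity_id)
    is_url = eid.scheme in ("http", "https") and bool(eid.hostname)
    if not is_url and not re.fullmatch(r"urn:[a-z0-9][a-z0-9-]*:\S+", entity_id, re.I):
        problems.append("IdP Entity ID is neither a URL nor a URN")
    sso = _split(sso_url)
    if sso.scheme != "https" or not sso.hostname:
        problems.append("Single Sign-On URL must be an absolute https:// URL")
    try:
        digest = hashlib.sha256(pem_to_der(cert_pem)).hexdigest().upper()
        fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    except ValueError as exc:
        problems.append(f"Certificate: {exc}")
    return problems, fingerprint

# Constructed stand-in, NOT a real certificate: a tiny DER SEQUENCE in PEM armour.
DEMO_DER = bytes([0x30, 0x04, 0x02, 0x02, 0x12, 0x34])
DEMO_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(DEMO_DER).decode()
            + "\n-----END CERTIFICATE-----\n")
```

Compare the returned fingerprint with the one your IdP's admin console shows for its signing certificate, so that the certificate you paste is confirmed through a second channel.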

Sign in with Single Sign-On authentication
Once you have activated Single Sign-On authentication in your tenant, users will see a Sign in with SSO button in their Onum login screens.
They will need to enter the Tenant slug. They are then redirected to their identity provider to complete the login flow.
