Single Sign-On is an authentication system that enables users to securely login to multiple independent software systems by logging in only once into a managed authentication system. This means your users need to remember only one user ID and password but without any risk to your security.
The managed authentication system is called Identity Provider (or IdP, example G-Suite) and the applications that rely on this Identity Provider are called Service Providers (SP, example Synup).
Setting up SSO for your Synup account ensures that your employees can log in into Synup using an identity provider of your choice, such as G-Suite, and not have to create another login ID and password for Synup separately.
To learn more about SSO and how SAML SSO works with Synup, please read this article.
Step-by-step configuration guide to set up SAML SSO in your Synup account
If you wish to set up SAML SSO for your Synup account, ensure you have admin access.
To set up SSO:
- Click on your profile icon on the top right of the screen and select Settings
- Navigate to People → Single Sign-On and Click on Enable SSO
- Once you click on Enable SSO, four new fields appear.
- Copy the ACS URL and Entity ID from Synup and provide it to your IdP to configure your SSO.
- Assertion Consumer Service (ACS) URL: You need to provide your identity provider this URL. This is the public endpoint exposed by the Service Provider (in this case, Synup) that the IdP will post the SAML response to. Note - This is an auto-generated URL/link by Synup.
- Entity ID: This entity ID is a unique identifier for your Synup account. Your IdP will use this to enable your employees to login into your Synup account. Note - This is an auto-generated URL/link by Synup.
- On the IdP side, once you configure Synup as a Service Provider, you will be given values for these two entries that you need to configure in your Synup account:
- Certificate: If a user logs in successfully, the response from your IdP to Synup needs to be validated. This is the public portion of the certificate used to sign the SAML response so Synup can validate the IdP response before the user logs in.
- Identity Provider URL: Users who have not signed into Synup yet will be directed to this URL from your IdP to validate their credentials and sign in.
- Copy values in step 4 from Synup and paste them into relevant fields in your IdP’s page.
- Copy values in step 5 from your IdP and paste them in the SSO configuration page in Synup.
- Click on “Save SSO Details” to save this configuration and ensure your details are saved with the IdP too.
- Once the details are saved, you can test your SSO setup by clicking on “Test SSO integration”.
Testing your SSO setup
Clicking on the “Test SSO integration” button brings you to the testing page which shows you
- Your current sign-in status using an Identity Provider
- Your ACS URL
- Your Service Provider Entity ID and
- Your IdP URL
To test this setup,
- Click on “Sign in with Identity Provider”
- You will be directed to your Identity Provider’s login page. For example, if you use G-Suite, you will be sent to G-Suite’s page. Enter your login credentials for Google and click on Sign In.
If the SSO has been configured correctly and if you have entered your credentials for your IdP correctly (in this example, your G-Suite login ID and password), the SSO Test page will display the message “Your sign-in was successful”