Skip to main content

Single sign-on setup and configuration

Alexander Wulkan avatar
Written by Alexander Wulkan
Updated over a month ago

This feature is available for users with "Organization Administrator" permissions on Core, Advanced and Enterprise account plans.

Note: In order to configure SSO for your organization, you must have an Identity Provider (IdP) set up. This could be one of many existing providers (Okta, OneLogin, Auth0, Google G-Suite, ActiveDirectory, etc.) Please reach out to your Support team for assistance.

SSO for your Organization

If your organization requires additional security when using Estateably, it is possible to enforce Single Sign-on (SSO). SSO is a way for companies to centralize providing access to services and products without having employees sign up separately for each one of them.

Once SSO is enabled, users who input an email matching the company domain will be prompted to log in with the same single sign-on credentials as they would for other services that use SSO.

Once SSO is enabled, it becomes the default authentication method. If you have some users who need access to your Estateably team account, you must associate their email address to your identity provider (IdP). We also support Just In Time (JIT) provisioning.

To enable SSO for your organization, follow these steps:

We support two different SSO protocols: SAML 2.0 and SCIM.

SAML

In SAML terminology, Estateably is a Service Provider (SP) and will need to communicate with your SAML Identity Provider (IdP) in order to sign in and receive the user’s information.

Configuration Steps

  1. Log in to your Estateably account.

  2. Click the Settings gear icon located in the top menu bar.

  3. Click on the Single Sign-On section on the left menu.

  4. To enable Single Sign-On, click the checkbox Set up SSO with a Third-party Identity Provider

  5. Enter the Identity Provider Name. The input in this field will title the SSO login button found on the login page (eg. Okta).

  6. Then you have to get the SSO configuration from your Identity Provider (e.g Okta) and configure the following fields (required):

    • Identity Provider Single-Sign-On URL

    • Identity Provider Issuer

    • Identity Provider Certificate

  7. Optionally, you may enter a Forgot Password URL that will redirect users outside of Estateably and to their Identity Provider.

  8. Finally, Save your changes

If you encounter any issues or if you have any questions, please do not hesitate to reach out to our Support Team.

SCIM

SCIM, or System for Cross-domain Identity Management, is an open standard that automates user provisioning and de-provisioning. It allows you to easily manage your team's members and their groups.

If you wish to automate user and group provisioning/deprovisioning, as well as updating user and group data from your Identity Provider (IdP):

  1. Generate an API Key

  2. Copy the API Key generated

  3. Save the changes

  4. Configure your Identity Provider (e.g Okta) with the API Key

If you encounter any issues or if you have any questions, please do not hesitate to reach out to our Support Team.

Related Articles
Setting Up the Email Integration With Your Provider
OneLogin SSO Configuration
Microsoft Entra ID SSO Configuration
Okta SSO configuration
Did this answer your question?