Note: In order to configure SSO for your organization, you must have an Identity Provider (IdP) set up. This could be one of many existing providers (Okta, OneLogin, Auth0, Google G-Suite, ActiveDirectory, etc.) Please reach out to your Support team for assistance.
SSO for your Organization
If your organization requires additional security when using Estateably, it is possible to enforce Single Sign-on (SSO). SSO is a way for companies to centralize providing access to services and products without having employees sign-up separately to each one of them.
Once SSO is enabled, users that input an email that match the company domain will be prompted to log in with the same single sign-on credentials as they would for other services that use SSO.
Once SSO is enabled, it becomes the default authentication method. If you have some users who need access to your Estateably team account, you will need to associate their email address to your identity provider (IdP). We also support Just In Time (JIT) provisioning.
We support two different SSO protocols:
- SAML 2.0
- SCIM
Below is an overview of the protocols we support, as well as the steps to configure SSO for your organization.
SAML
In SAML terminology, Estateably is a Service Provider (SP) and will need to communicate with your SAML Identity Provider (IdP) in order to sign in and receive the user’s information.
Configuration Steps
- Log in to your Estateably account.
- Click the Settings gear icon located in the top menu bar.
- Click on the Single Sign-On section found in the left menu.
- To enable Single Sign-On, click the checkbox Set up SSO with a Third-party Identity Provider
-
Enter the Identity Provider Name. The input in this field will title the SSO login button found on the login page (eg. Okta).
- Then you have to get the SSO configuration from your Identity Provider (e.g Okta) and configure the following fields (required):
- Identity Provider Single-Sign-On URL
- Identity Provider Issuer
- Identity Provider Certificate
- Optionally, you may enter a Forgot Password URL that will redirect users outside of Estateably and to their Identity Provider.
- Finally Save your changes
If you encounter any issues or if you have any questions, please do not hesitate to reach out to our Support Team.
SCIM
SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning / deprovisioning. It allows to easily manage the people on your team and the groups they belong to.
- Generate an API Key
- Copy the API Key generated
- Save the changes
- Configure your Identity Provider (e.g Okta) with the API Key
If you encounter any issues or if you have any questions, please do not hesitate to reach out to our Support Team.
Comments
Please sign in to leave a comment.