Set up SSO in Parta.io

This is a general step-by-step guide explaining the process of setting up single sign-on in Parta.io with your SAML 2.0 Identity Provider.

SSO can only be set up by the Owner or Admin of an company.

Prerequisites

In order to enable SSO for your company, you would need the following:

Access to your identity provider’s configuration settings;
Owner or Admin role in your Parta.io company.

Steps to enable SSO in Parta.io

In order to set up SSO for your Parta.io company with any IdP, you need to proceed according to steps given below:

Let’s go through each of these steps in detail.

1. Create Entity ID and ACS URL in Parta.io

To access the SSO settings, log in to your Parta.io account, go to the "Company Settings" page, and then click on the "Security" tab;
This will generate the Assertion Consumer Service (ACS) URL and other details such as “Entity ID” and “Email attribute”.

Keep this window open, as you may need these details for setting up the Parta.io company in your IdP in the next step.

2. Add Parta.io company in your IdP

Login to your IdP admin account;
Create a new application (also known as app or connector in some IdPs) with application name preferably as "Parta.io";
In SAML settings, you need to provide the "SSO configuration" details that you received from Parta.io in Step 1;
1. In the Single Sign-on URL field, provide the ACS URL that was generated for your company in Parta.io;
2. Use Entity ID value in your IdP in Audience URI, SP Entity ID, SAML Issuer ID, or fields similar to these;
3. Under Attribute Mapping or Attribute Statements, add the "Email attribute" value (generated in Step 1) and map the corresponding IdP value (for example user.email).

The "Email attribute" value is required for filling in the Attribute Mapping section. Otherwise, the configured integration will not work, as the email attribute is required field to be send from IdP to Parta.io to identify users.

Once you enter all the details and save your settings in IdP, you should receive IdP metadata (XML file or URL). Use these details in Step 3.

In some IdPs, you may have to assign the newly-created Parta.io application to the existing users of your IdP. You can find these settings under the Users section in IdP.

3. Upload IdP metadata in Parta.io

Go to the "IdP metadata" section in the window opened in Step 1;
Here you need to specify the IdP metadata that you received from IdP in Step 2;

4. Enable "Required SSO"

"Required SSO" setting lets you decide if you want to allow any non-IdP users (i.e., users that are not available in your IdP) to access the SSO-enabled company in Parta.io.

If you enable Required SSO, users that are not added to your IdP will not be able to access the Parta.io company. This means that users can access the company only through SSO. Exceptions: admins and owner of the company.
If you disable Required SSO, all users invited to a company will be able to access that company either through SSO or email and password.

Make sure that logging in via SSO works and is set up correctly before enabling "Required SSO" in your company.

5. Save SAML configuration

Click "Save" in the opened window to save IdP configuration;
Once added, the SAML configuration is displayed in the "Security" tab.

Use the generated SSO login link to directly go to Parta.io SSO login page. Also you can share this link with your company members.

Your IdP users cannot directly access the company if they have not been invited to this company in Parta.io.

You can disable SSO for your organization anytime by clicking the "Delete" button on this page. Once disabled, the existing users of your organization will have to use Parta.io credentials to sign in. In case the existing user does not have Parta.io credentials, the user will have to use the "Forgot your password?" link on the login page in Parta.io to create a new password for login.

6. Test SSO connection

Make sure that your IdP users are invited to the company in Parta.io (existing users must be assigned to the company added to the IdP in step #2). If users are not invited, invite them to the company in Parta.io ( see Manage Company Users for details);
Go to the SSO login page and perform a test login to the company using the Company ID;
This opens your IdP sign in page;
Sign in to your account;
On successful connection, you will be redirected to the Parta.io company dashboard.

PreviousSingle Sign-on (SSO)NextManage Company Users

Last updated 6 months ago

Was this helpful?

Set up SSO in Parta.io

This is a general step-by-step guide explaining the process of setting up single sign-on in Parta.io with your SAML 2.0 Identity Provider.

SSO can only be set up by the Owner or Admin of an company.

Prerequisites

In order to enable SSO for your company, you would need the following:

Access to your identity provider’s configuration settings;
Owner or Admin role in your Parta.io company.

Steps to enable SSO in Parta.io

In order to set up SSO for your Parta.io company with any IdP, you need to proceed according to steps given below:

Let’s go through each of these steps in detail.

1. Create Entity ID and ACS URL in Parta.io

To access the SSO settings, log in to your Parta.io account, go to the "Company Settings" page, and then click on the "Security" tab;
This will generate the Assertion Consumer Service (ACS) URL and other details such as “Entity ID” and “Email attribute”.

Keep this window open, as you may need these details for setting up the Parta.io company in your IdP in the next step.

2. Add Parta.io company in your IdP

Login to your IdP admin account;
Create a new application (also known as app or connector in some IdPs) with application name preferably as "Parta.io";
In SAML settings, you need to provide the "SSO configuration" details that you received from Parta.io in Step 1;
1. In the Single Sign-on URL field, provide the ACS URL that was generated for your company in Parta.io;
2. Use Entity ID value in your IdP in Audience URI, SP Entity ID, SAML Issuer ID, or fields similar to these;
3. Under Attribute Mapping or Attribute Statements, add the "Email attribute" value (generated in Step 1) and map the corresponding IdP value (for example user.email).

Once you enter all the details and save your settings in IdP, you should receive IdP metadata (XML file or URL). Use these details in Step 3.

In some IdPs, you may have to assign the newly-created Parta.io application to the existing users of your IdP. You can find these settings under the Users section in IdP.

3. Upload IdP metadata in Parta.io

Go to the "IdP metadata" section in the window opened in Step 1;
Here you need to specify the IdP metadata that you received from IdP in Step 2;

4. Enable "Required SSO"

"Required SSO" setting lets you decide if you want to allow any non-IdP users (i.e., users that are not available in your IdP) to access the SSO-enabled company in Parta.io.

If you enable Required SSO, users that are not added to your IdP will not be able to access the Parta.io company. This means that users can access the company only through SSO. Exceptions: admins and owner of the company.
If you disable Required SSO, all users invited to a company will be able to access that company either through SSO or email and password.

Make sure that logging in via SSO works and is set up correctly before enabling "Required SSO" in your company.

5. Save SAML configuration

Click "Save" in the opened window to save IdP configuration;
Once added, the SAML configuration is displayed in the "Security" tab.

Use the generated SSO login link to directly go to Parta.io SSO login page. Also you can share this link with your company members.

Your IdP users cannot directly access the company if they have not been invited to this company in Parta.io.

You can disable SSO for your organization anytime by clicking the "Delete" button on this page. Once disabled, the existing users of your organization will have to use Parta.io credentials to sign in. In case the existing user does not have Parta.io credentials, the user will have to use the "Forgot your password?" link on the login page in Parta.io to create a new password for login.

6. Test SSO connection

Make sure that your IdP users are invited to the company in Parta.io (existing users must be assigned to the company added to the IdP in step #2). If users are not invited, invite them to the company in Parta.io ( see Manage Company Users for details);
Go to the SSO login page and perform a test login to the company using the Company ID;
This opens your IdP sign in page;
Sign in to your account;
On successful connection, you will be redirected to the Parta.io company dashboard.

PreviousSingle Sign-on (SSO)NextManage Company Users

Last updated 6 months ago

Was this helpful?