SSO using SAML

Single Sign-On (SSO) allows users to log in once and gain access to multiple applications without needing to re-enter credentials. The steps may vary depending on the platform, but here’s a general guide to follow SSO in your account:

Path to Enable SSO in Userlove Settings Module → Security → Enable SSO

Configuring SAML on Okta

1. Add a New SAML Application

1. Log in to your Okta Admin Console (https://admin.okta.com).

2. Go to Applications > Applications.

3. Click Create App Integration.

4. Select SAML 2.0 and click Next.

5. Enter an App name (e.g., "Userlove") and optionally upload a logo.

6. Click Next.

2. Configure SAML Settings

1. Single Sign-On URL (ACS URL) – Enter the Assertion Consumer Service (ACS) URL provided by Userlove

2. Audience URI (Entity ID) – Enter the Entity ID provided by Userlove.

3. Name ID format – Choose EmailAddress as per Userlove requirements.

4. Application username format – Set as Okta username or Email.

5. Click Next.

3. Configure Attribute Statements (Claims)

1. Add any required attributes for authentication. Common ones include:

   • email → user.email

   • firstName → user.firstName

   • lastName → user.lastName

2. Click Next.

4. Assign Users to the Application

1. Go to Assignments > Assign Users or Groups.

2. Select users or groups that should have access.

3. Click Save.

5. Configure Okta Metadata in Userlove

1. Go to the Sign On tab of your SAML app in Okta.

2. Scroll to SAML Signing Certificates.

3. Download the Metadata XML file.

4. Provide this XML file to Userlove

6. Test SSO Integration

1. Click Test in Okta, or try logging into the application via Okta SSO.

2. If authentication is successful, the setup is complete.

Troubleshooting Tips

• Ensure the ACS URL and Entity ID match exactly with the Userlove.

• Check attribute mappings in Okta and the Userlove.

• Verify that assigned users are active in Okta.

• Use Okta logs to debug any authentication issues.

Configuring SAML on Microsoft Entra ID (Azure AD)

1. Add an Enterprise Application

1. Go to the Microsoft Entra ID portal.

2. Navigate to Enterprise Applications > + New Application.

3. Click on Create your own application, enter a name, and select Integrate any other application you don’t find in the gallery (Non-gallery).

4. Click Create and wait for the app to be added.

2. Configure Single Sign-On (SSO)

1. In the application settings, go to Single sign-on.

2. Select SAML as the authentication method.

3. Set Up Basic SAML Configuration

1. Click Edit under the Basic SAML Configuration section.

2. Enter the following details provided by Userlove.

   • Identifier (Entity ID) – Provided by the application.

   • Reply URL (Assertion Consumer Service URL) – Provided by the application.

   • Sign-on URL – (Optional) The URL where users initiate login.

   • Relay State – (Optional) Used for deep linking.

3. Click Save.

4. Configure User Attributes & Claims

1. Click Edit in the Attributes & Claims section.

2. Configure attributes as per application requirements (claims should be user.mail).

3. Add or modify claims if needed.

5. Configure SAML Signing Certificate

1. Download the Federation Metadata XML

2. Provide it to Userlove to complete the setup.

6. Assign Users & Test

1. Go to Users and groups, assign users or groups to the application.

2. Test SSO by navigating to the Test section in the SAML configuration.

Configuring SAML on Google Workspace.

1. Add a New SAML App

1. Go to Google Admin Console (admin.google.com).

2. Navigate to Apps > Web and mobile apps.

3. Click Add App > Add custom SAML app.

4. Enter an App name and click Continue.

2. Download Google SSO Metadata

1. In the Google Identity Provider details section:

   • Download the IDP metadata or copy the SSO URL, Entity ID, and Certificate.

2. Click Continue.

3. Configure Service Provider Details

1. Enter the ACS URL (Assertion Consumer Service URL) and Entity ID provided by Userlove

2. Choose Name ID format (default: EMAIL).

3. Click Continue.

4. Configure Attribute Mapping

1. Add attribute mappings based on what Userlove requires (e.g., email, first name, last name).

2. Click Finish.

5. Enable the SAML App for Users

1. Go to the SAML app settings.

2. Under User Access, enable the app for Everyone or specific groups.

6. Test and Verify SSO

1. Attempt to log in via Google SSO using the configured app.

2. If authentication is successful, the setup is complete.