SAML/Enterprise SSO

PropelAuth’s SAML SSO support allows your users to connect their organizations to their own identity provider (e.g. Okta, Azure AD, JumpCloud, etc).

As an example, lets say you have a customer “Acme Co”. Acme uses Okta as their identity provider, meaning that all employees at the company have an account with Okta. New employees are onboarded to Okta and exiting employees are removed.

A SAML connection between your product and Acme allows employees at Acme to sign in to your product with their existing work accounts.

SAML Login

No need to write any extra code

PropelAuth’s libraries have a concept of an organization. Users are added to these organizations via invitations or joining by their domain.

One of the best things about our SAML integration is that your code doesn’t need to change at all when you close your first enterprise customer. SAML is an implementation detail of how an organization manages their users within your product. Any code you write that deals with organizations will work, regardless of the method that organization uses to manage its members.

Enabling SAML

To enable SAML for your PropelAuth project, go to the Organization Settings page in your PropelAuth dashboard. Once you've enabled SAML on the project-level, you can choose which of your organization should have access by going to the Organizations page and select an organization, then checking the "Can this organization set up SAML?" checkbox.

Alternatively, you can enable SAML for an organization programmatically via the Enable SAML for Org API call.

SAML Org Page

User Guide to SAML Setup

Once you have enabled SAML for an organization, your users can start setting up SAML with their identity provider. In the Roles and Permissions page in your PropelAuth dashboard, you can choose which roles (Owner, Admin, etc) are able to manage SAML connections.

Any user with the manage a SAML / Enterprise SSO connection for their organization permission can then start the process of connecting to their identity provider. This starts in your user's account page in their organization's settings tab.

Account Page

Your users then have the choice to set up SAML with the following identity providers:

  • Google
  • Okta
  • Azure
  • OneLogin
  • JumpCloud
  • Duo
  • Rippling

PropelAuth provides your users with detailed walkthroughs for each identity provider, ensuring they have a smooth and pain-free experience!

Sample Okta Guide

After completing the connection setup, test mode automatically activates. Once your users have reviewed their configuration and mappings, they can click Finish & go live to activate the SAML connection.

SAML Finishing Setup

Signing in with SAML

When your users have finished the SAML setup process, PropelAuth automatically provides a login link that your users can use to log in directly to your application.

Alternatively, users can access your login page and click on Sign in with SSO to begin the SAML login flow, first prompting them to provide the name of their organization and then redirecting them to their identity provider.