Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. If you have a Salesmate Enterprise account and have SSO set up for your business, you can require users to log in to Salesmate using their SSO credentials.
To enable SSO inside Salesmate, please follow these steps:
- Click on the Profile Icon
- Click on Setup
- Navigate to the Users & Security
- Followed by Single Sign On (SSO)
- Click on the Configure option
- Find the SAML configuration's values on the screen and paste them into your identity provider account where required.
- Copy the identified or issuer URL, the single-sign on URL, and certificate from your identity provider and paste them into the Salesmate panel.
- Click on Test
- Once the test is successful, you can come back to the SSO screen and enable it for your workspace.
Step 1 : SSO setting in Salesmate
Step 2 : Find SAML configuration values and test the connection.
Step 3: Require SSO for all users
(If you want every user to login via SSO only, then you can follow these steps.)
- Go to Setup
- Under Users and Security
- Click on Single Sign On (SSO)
- Enable "Force SSO login" option
- Click Save
Step 4: Once the SSO is enabled, you could add the Profiles that you want to exclude from SSO.
- If forced SSO login is enabled then you can login only via your identity provider
- If forced SSO scenario, Your login via password or 2FA or Google will not work
- If SSO is enabled but not forced, you can log in via password, 2FA and Google.
In Azure Active Directory:
- Login to your Azure Active Directory
- Go to Enterprise Applications in the left side bar
- Click on +Create your own application
- Type Salesmate in the What's the name of your app? text box
- Select the option: Integrate any other application you don't find in the gallery (Non-gallery)
- Once added it will show the Application Name, ID and Object ID.
- Additionally, it will give options to:
- Assign users and groups
- Set up single sign on
- Provision User Accounts
- Self Service
- Under Assign users and groups you can specify users or groups to which this application will be accessible
- Under Set up single sign on, go to SAML
- Under Set up Single Sign-on with SAML configure:
1. Basic SAML configuration
- Click Edit and copy the information from Salesmate SSO page here
- Copy the Identifier ID (Issuer / Service Provider Issuer ID) and Reply URL (Assertion Consumer Service URL / ACS URL)
2. User Attributes & Claims
- Click Edit and Add new claim
- Name: email
- Source attribute: user.mail
- Note: email is the only required claim. Other claims are optional and can be added to provide more trackable information in case of any connection failures.
- Click Edit and Add new claim
3. SAML Signing Certificate
- Download the Federation Metadata XML
- Open it in Notepad
- Search for <X509Certificate>
- Copy the key value between the attribute <X509Certificate> & </X509Certificate>
- Paste it to the Security Certificate Finger Finge field on the SSO page in Salesmate
4. Set up Salesmate
- Copy the Login URL to SAML Login URL field on the SSO page in Salesmate
- Copy the Logout URL to the Logout URL field on the SSO page in Salesmate
- 1. Basic SAML configuration
- Once completed click on "Save & Verify" button on the SSO page in Salesmate to verify the setup.
- You can also test this by clicking on the Test button from the Azure's Single Sign-on page under the section 5. Test single sign-on with Salesmate
Known Errors & Solution:
Malformed request detected!!!
- Check if the Certificate key is correctly entered
Cannot find user with the same email address
- Check if the correct claim with the name email and mapped to source attribute user.mail
In case you still facing any issues feel free to reach out our support team on chat or email us at email@example.com