- 18 Jun 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Setting up SAML 2.0
- Updated on 18 Jun 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Inside this article:
SSO and Onna
SAML 2.0 Configuration Guides
SSO and Onna
Onna offers Single Sign On (SSO) integration through SAML 2.0 (Secure Assertion Markup Language) with a variety of compliant identity providers (such as Okta, Gsuite, Azure, OneLogin, PingOne) allowing you to leverage your existing user base and authentication mechanism to use the platform. There are only a few steps required to configure your IdP using the Onna Admin dashboard.
Our guides below walk you through setting up Onna as a Service Provider (SP). You will fill-in information about your Identity Provider (IdP), the external 3rd party which your users will sign-in through and will return credentials back to Onna in the form of a SAML assertion. On the other end, you will also need to configure your IdP to establish communication with the Onna SP.
SAML 2.0 Configuration Guides
Azure
CyberArk
Duo
Google Workspace
Okta
OneLogin
Ping Identity
Ping One
All FAQ are moved to the community.
FAQ
Why am I now receiving 403 errors after I was able to log into Onna via SSO ?
Users may encounter an issue where they see a 403 error when accessing Onna but were previously able to log into Onna via SSO. The 403 error may occur if you have Google as your IdP and are logged in to just one Google account in Chrome but not the one tied to your SSO account in Onna. To address the issue the user will need to login to the appropriate Google account that is tied to Onna.
Does Onna Support SCIM?
We support SSO and parts of SCIM. By default, we will create a user who attempts to login via SSO if that user is provisioned in your IdP. If that user is de-provisioned for Onna in your IdP, then they will not be able to sign in, but we will not know to disable the account in Onna. The auto-creation of a provisioned account can also be disabled in Onna, but currently only by our team. Please contact support if you need to disable a provisioned account.