With SAML-based single sign-on (SSO), users can access Propeller through an identity provider (IdP) of their choice.
How our Custom SSO works
- Custom Single Sign-On (SSO) enables customers to integrate their existing authentication systems seamlessly with Propeller.
- When a Propeller user tries to log in to Propeller using SSO, Propeller sends a SAML (Security Assertion Markup Language) request to the identity provider (IdP).
- The identity provider validates the user’s credentials and sends a response back to Propeller to confirm the user's identity.
- Propeller acknowledges the response and grants access, allowing users to log into their Propeller account. This will only happen if they are already a Propeller user.
How to Set Up SAML SSO
Please contact your account manager when you’re ready to proceed with the SSO (SAML) integration.
Since there can be a bit of back and forth when setting up SSO, please ensure you have the correct technical contact inside your organization with the access and know-how to set up the integration. Please pass on these details to your account manager and they will submit a request to our infrastructure team internally.
Here's how to set up SAML Single Sign-On (SSO) for our application:
1. Forward Metadata File
Forward the supplied metadata file to your IT team member responsible for SAML configuration.
The metadata file must be requested; please contact your account manager to initiate this process.
2. Application Configuration
During application setup on your side, ensure the following:
- Name ID: Set to the user's email address.
- User Attributes:
  - Forward the user's first name in a property named "first_name" (lowercase, no spaces or prefixes).
  - Forward the user's last name in a property named "last_name" (lowercase, no spaces or prefixes).
3. IDP-Initiated Login (Optional)
- If you want users to log in directly through your Identity Provider (IdP), configure the following:
  - Relay State Parameter: Set it to <provider code name> (replace with your specific code).
4. Share Your Metadata
Once the application is configured on your end, send us your metadata file. This allows us to complete the SSO setup.
5. Testing the Connection
After receiving your metadata, we will contact you to test the SAML SSO connection.
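Before the connection test, your IT contact can check a captured test assertion against the step 2 requirements. The script below is an added example, not Propeller's own code; the sample assertion is constructed, and the check covers only the NameID and attribute names, not signature validation.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = ("first_name", "last_name")  # exact names from step 2

# Constructed sample (unsigned, illustrative values). The last-name attribute
# uses a URI-style claim name, a common IdP default that step 2 does not accept.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text):
    """Return a list of problems found against the step 2 requirements.

    Intended for assertions captured from your own IdP during setup;
    it does not verify signatures or conditions.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
        problems.append(f"NameID is not an email address: {value!r}")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name", "")] = (val.text or "").strip() if val is not None else ""
    for required in REQUIRED_ATTRS:
        if not attrs.get(required):  # absent or empty; names must match exactly
            problems.append(f"missing attribute {required!r}; IdP sent {sorted(attrs)}")
    return problems

if __name__ == "__main__":
    for line in check_assertion(SAMPLE_ASSERTION) or ["assertion matches step 2"]:
        print(line)
```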
What happens after enabling SSO?
A new sign-in button is added to the portal so users can sign in with their existing company login credentials.
This is a win for your company and the end user: the user doesn’t have to create a new password to log in, and should they leave your company, they will also lose access to Propeller because their company login credentials will have been disabled.
Enabling SSO for the first time
The first time you set up SSO, existing users can keep working in Propeller without interruption. However, the next time they log out, their session expires, or they try to log in from a new device, they will be presented with the new option to log in via SSO.
Once a user has logged in with SSO, they will no longer be able to log in with a username and password, and must continue to log in via SSO.
Other SSO login options will not be disabled for users after they log in with SSO at least once. The email/password login will not work after the first SSO login.
I still can't do it!
We wrote these articles to equip you with everything you need to get the job done on your own, but we understand that sometimes this isn't sufficient.
If you're stuck, you can connect with our support team by clicking the support button on the top right corner of your user portal.