Setting up SSO for SaaSGrid

Use your SSO solution to control application access to SaaSGrid

SaaSGrid is compatible with a number of IdP/SSO solutions. Learn how to connect your integrations below.

Okta

  1. Create an application for SaaSGrid in your Okta instance by navigating to Admin > Applications > Create App Integration. Select the SAML 2.0 integration type.
  2. Once on the Create SAML Integration Page, fill in the General Settings fields and name the app "SaaSGrid". For each of Single sign-on URL and Audience URL (SP Entity ID), SaaSGrid will provide you with the correct URLs to input in these fields.
  3. Under Sign on methods, copy the Metadata URL and send this to SaaSGrid - we'll input this into the correct field on our end.
  4. In Attribute Statements (optional), map over the fields below to the corresponding fields in Okta.
    okta schemas
  5. Select Preview the SAML Assertion to confirm the metadata is structured correctly. Click Next to finish up the process.
  6. If users will be accessing SaaSGrid from the Okta applications dashboard page, then navigate to Advanced Settings and select Allow IdP-Initiated Flow.

Microsoft Entra ID (Active Directory)

  1. Navigate to the the Azure Portal and navigate to Azure Services > Enterprise Applications and select the SaaSGrid application. If you need to create a new application, select the New Application button and click on Create your own application.
  2. Assign the relevant users to the SaaSGrid application via the Assign users and groups section.
  3. In the navigation sidebar, select Overview. Under the Getting started section, select Set up single sign-on. Select SAML as the single sign-on method.
  4. SaaSGrid will give you two fields to enter into your Azure:  Reply URL (Assertion Consumer Service URL) - This is a unique identifier for your SAML connection that your IdP application needs. Identifier (Entity ID) - This is your application's URL that your IdP will redirect your users back to after they have authenticated in your IdP. Reach out to your SaaSGrid POC for these fields and enter them in the Basic SAML Configuration in Azure. Make sure to save in the modal.
  5. SaaSGrid will need your App Federation Metadata Url to connect SaaSGrid to Entra ID - you can find this on the Set up Single Sign-On with SAML page under SAML Certificates. Send this URL to your SaaSGrid POC.
  6. Map your schemas to the correct claim in Azure. The attributes and corresponding claims are listed below:  
    SaaSGrid Attribute Azure Claim
    mail user.userprincipalname
    firstName user.givenname
    lastName user.surname
    1. On the Set up Single Sign-On with SAML page, find the Attributes & Claims section. Select the Edit button. Select the email address claim (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress) to edit the field. Next to Source attribute, select the dropdown and choose user.userprincipalname. Select Save at the top of the page.