Single Sign On (SSO)
SSO stands for Single Sign On. It means that a single set of credentials can be used to log into different applications. This empowers the employees to access a MoEngage dashboard using the company credentials.
Some benefits of using SSO:
- Increased security and less risk of accounts being compromised
- Reduced password fatigue from managing different credentials
- Simplified authentication by using the known access directory
MoEngage supports SSO
MoEngage supports SSO via SAML 2.0 and acts as a service provider (SP) for SSO. SAML is an industry-standard protocol that allows delegation of authentication of users, similar to OAuth2.
When a user tries to login, the user is then redirected to the customer's internal or external SSO system where the authentication is performed and then returned back to MoEngage where the response is verified.
A high-level diagram of the SSO sign-in process is shown below:
Important - Only admins can enable or configure single sign-on on MoEngage.
Enable SSO for your account
1. Navigate to Settings > Security Settings
2. Click on enable SSO
3. Raise a request with the support team to enable SSO for your account.
Once your request is approved,
4. Select the identity provider -
MoEngage currently supports the following IdPs:
Even if your identity provider is not listed here, it should work with any
SAML 2.0 compliant provider.
Select other from the identity provider list and configure your IdP.
Single Sign On: Okta
In order to set up SSO using Okta:
- You must be an org admin for your organization in MoEngage.
- You must be able to configure your organization in Okta.
Now follow these setup steps:
Go to the Okta admin dashboard and click "Add Applications".
On the Add Application page click "Create New App".
In the popup select "SAML 2.0".
Enter a name for the app and optionally upload a logo for easier recognition.
On the next step you will need to enter the "Single sign on URL" (ACS URL) and "Audience URI" (Entity Id). You also need to change the "Application username" to "Email".
For the Entity ID and ACS URL, choose Okta as your identity provider in the SSO settings on MoEngage and copy-paste the details in the Okta.
After creating the app you can download the Identity Provider metadata.
8. On MoEngage, paste the metadata and click Continue.
10. Click enable to enable SSO via Okta.
11. Confirm and choose to inform the teammates about the new login process
Congratulations!! Single Sign On configured successfully for the app.
Single Sign On: Google
In order to set up SSO:
- You must be an admin for your app in MoEngage.
- You must be an administrator for your G Suite organization.
Now, follow these setup steps:
Go to the Apps section in the G Suite admin console and select "SAML apps".
Click the + button in the bottom left to add a SAML app.
In the popup click the option to create a custom app.
Continue through the app creation. Enter a name and description and optionally upload the logo for easy recognition.
On the next step, you will be prompted for the "ACS URL" and "Entity ID".
For the Entity ID and ACS URL, choose Google as your identity provider in the SSO settings on MoEngage and paste the details in the Google console.
- For the name id format in google portal - select 'email' from the drop-down.
On the final step just click "Finish" to save the app.
Download the IDP metadata.
Upload the metadata file in MoEngage and click 'Save'
Click enable to enable SSO via Google.
Confirm and choose to inform the teammates about the new login process
Congratulations!! Single Sign On configured successfully for your app.
Single Sign On: One Login
In order to set up SSO for one login:
- You must be an org admin for your account in MoEngage.
- You must be able to configure the organization in OneLogin.
Then follow these setup steps:
On the OneLogin portal, go to Applications and click add App option.
Search for SAML and select "SAML Test Connector (IdP w/ attr w/ sign response) "
Enter the name "MoEngage" and save the app.
In the configuration sections of this app, fill out the form.
For the form, choose OneLogin as your identity provider in the SSO settings on MoEngage and paste the details (Audiences, ACS (Consumer) URL Validator, ACS Consumer URL and Single Sign Out URL) in the OneLogin portal. Click Save.
From the menu 'More Actions' and select SAML metadata. A file would be downloaded.
Upload the metadata file in MoEngage and click 'Save'
Click enable to enable SSO via OneLogin.
Confirm and choose to inform the teammates about the new login processCongratulations!! Single Sign On configured successfully for your app.
New Login Process
- Select 'Login using SSO' on the login screen
- Enter your email address
Frequently Faced Issues
1. Are you facing an issue while logging in?
This generally happens when the SAML authentication with the Identity Provider fails. Please reach out to your identity provider for details.
Still facing the error?
Don’t worry! MoEngage supports a backdoor entry for the admin. The admin can log in using an email id - password combination. Admin can go back to the Single Sign On screen (Go to settings > Security Settings) and disable SSO.
2. Are you facing an issue while uploading the config file?
This generally happens when the uploaded XML file is invalid. Please try again with the correct XML file. If the issue persists, please check with your identity provider.
Enable SSO for my account
Are you interested in configuring Single Sign-On for your account? Please click here to raise a request.