Single Sign-On (SSO)

Introduction

SSO (Single Sign-On) uses a single set of credentials for logging into different applications. This empowers the employees to access a MoEngage dashboard using their company credentials. 

Benefits of SSO:

      • Increased security and less risk of accounts being compromised
      • Reduced password fatigue from managing different credentials
      • Simplified authentication by using the known access directory 
info

Note

You may need help from your IT administrator in your organization to set up SSO for your account.

MoEngage supports SSO using SAML 2.0 and acts as an SSO Service Provider (SP). SAML is an industry-standard protocol that allows the delegation for authentication of users, similar to OAuth2.  

The customer, on login, is redirected to their internal or external SSO system for authentication and then returned to MoEngage where the response is verified. Screenshot_2022-10-18_at_9.39.29_AM.png 

Enable SSO

warning

Warning

Only admins can access the login settings.

  1. Navigate to Settings > Login.
  2. Click Single sign on.
     SingleSignOn_Settings.png
  3. Click Enable.
    SSO_Page.png
  4. Raise a request with the support team to enable SSO for your account. 
  5. Once your request is approved, Select the identity provider :Screenshot_2019-11-04_at_2.14.55_PM.png

Enable Identity Providers

MoEngage currently supports the following Identity Providers(IdP):

info

Note

Even if your identity provider is not listed here, it should work with any
SAML 2.0 compliant provider. Select Other from the identity provider list and configure your IdP.

Set up Okta SSO

Ensure:

  • You are an org admin for your organization in MoEngage.
  • You are able to configure your organization in Okta.

To set up SSO with Okta:

  1. Navigate to the Okta admin dashboard.

  2. Click Add Applications.

    an_okta_1_admin.png

  3. Click Create New App.

    an_okta_2_create_app.png

  4. Select SAML 2.0.

    an_okta_3_saml2.png


  5. Enter a name for the app and optionally upload a logo.

    an_okta_4_name.png

  6. Enter the Single Sign On URL (ACS URL) and Audience URL (Entity Id). 

  7. Change the Application username to Email.

    Screenshot_2019-11-04_at_1.05.03_PM.png

  8. In the SSO settings for MoEngage, select Okta as the IdP.

  9. Enter the Entity ID and ACS URL. 
    Copy and paste the details configured in Okta.

    Screenshot_2019-11-04_at_1.13.15_PM.png

  10. If you'd like, you can download the Identity Provider metadata.

Screenshot_2019-11-05_at_12.42.11_PM.png

8. On MoEngage, paste the metadata and click Continue.

9. Click Enable to enable SSO via Okta. 

Screenshot_2019-11-04_at_1.14.38_PM.png

10. Confirm and choose to inform teammates about the new login process

Screenshot_2019-11-14_at_1.13.02_PM.png

Set up Google SSO

Ensure:

  • You are an admin for your app in MoEngage.
  • You are an administrator for your GSuite organization

To set up SSO with Google:

  1. Navigate to Apps in the GSuite admin console and select SAML apps.

    an_gsuite_1_apps.png

  2. Click + at the bottom right corner to add a SAML app.

    Screenshot_2019-11-05_at_2.27.30_PM.png

  3. In the popup, click Setup my own custom app.

    Screenshot_2019-11-05_at_2.31.09_PM.png

  4. Continue through the app creation.
    Enter a name and description and optionally upload the logo for easy recognition.

    Screenshot_2019-11-05_at_2.32.02_PM.png

  5. In the next step, you will be prompted for the "ACS URL" and "Entity ID".

    Screenshot_2019-11-05_at_2.32.57_PM.png

  6. For the Entity ID and ACS URL, choose Google as your identity provider in the SSO settings on MoEngage and paste the details into the Google console.  Screenshot_2019-11-04_at_1.21.35_PM.png

  7. For the ID Format, select email from the drop-down. 
  8. Select Signed Response. image.png
  9. Click Finish to save the app.

    Screenshot_2019-11-05_at_2.33.41_PM.png

  10. Download the IDP metadata.

    Screenshot_2019-11-05_at_2.34.22_PM.png

  11. Upload the metadata file in MoEngage and click Save.

    Screenshot_2019-11-04_at_1.23.54_PM.png

  12. Click enable to enable SSO via Google. Screenshot_2019-11-04_at_1.28.29_PM.png

  13. Confirm and choose to inform the teammates about the new login process.

    Screenshot_2019-11-14_at_1.13.02_PM.png

Set up OneLogin SSO

Ensure:

  • You are an admin for your account in MoEngage.
  • You must be able to configure the organization in OneLogin.

To set up SSO with OneLogin:

  1. On the OneLogin portal,  navigate to Applications and click Add App.Screenshot_2019-11-14_at_2.14.30_PM.png

  2. Search for SAML and select "SAML Test Connector (IdP w/ attr w/ sign response)".

  3. Enter the name "MoEngage" and save the app.

  4. In the configuration sections of this app, fill out the form. 

  5. For the form, choose OneLogin as your identity provider in the SSO settings on MoEngage and paste the details (Audiences, ACS (Consumer) URL Validator, ACS Consumer URL, and SSO URL) in the OneLogin portal. Click Save. Screenshot_2019-11-14_at_1.24.35_PM.png

  6. From the menu More Action,  select SAML metadata. This downloads a file. Screenshot_2019-11-14_at_1.34.19_PM.png

  7. Upload the metadata file in MoEngage and click 'Save'.

    Screenshot_2019-11-04_at_1.23.54_PM.png

  8. Click Enable to enable SSO via OneLogin. 

  9. Confirm and choose to inform the teammates about the new login process.Screenshot_2019-11-14_at_1.13.02_PM.png

Login with SSO

  1. Select Login using SSO on the login screen.

    LoginPage.png

  1. Enter your email address.

  SSOLogin.png

Frequently Faced Issues

1. Facing an issue while logging in?

Screenshot_2019-10-16_at_2.55.10_PM.png

 Authentication Failed?

This generally happens when the SAML authentication with the Identity Provider fails. Please reach out to your identity provider for details. 

Persistent Error

MoEngage supports the admin login using an email id - password combination. The Admin can go back to the Single Sign On screen (Go to settings > Security Settings) and disable SSO. 

2. Facing an issue while uploading the config file? Screenshot_2019-11-14_at_2.17.20_PM.png

 

This generally happens when the uploaded XML file is invalid. Try again with the correct XML file. If the issue persists, check with your identity provider. 

info

Enable SSO for my account

Please contact to enable SSO for your account.

Was this article helpful?
9 out of 16 found this helpful