Single Sign-On (SSO)

Introduction

SSO (Single Sign-On) uses a single set of credentials for logging into different applications. This empowers the employees to access a MoEngage dashboard using their company credentials.

Benefits of SSO:

- - Increased security and less risk of accounts being compromised
  - Reduced password fatigue from managing different credentials
  - Simplified authentication by using the known access directory

info	Note You may need help from your IT administrator in your organization to set up SSO for your account.

MoEngage supports SSO using SAML 2.0 and acts as an SSO Service Provider (SP). SAML is an industry-standard protocol that allows the delegation for authentication of users, similar to OAuth2.

The customer, on login, is redirected to their internal or external SSO system for authentication and then returned to MoEngage where the response is verified. Screenshot_2022-10-18_at_9.39.29_AM.png

Enable SSO

warning

Warning

Only admins can access the login settings.

Navigate to Settings > Login.
Click Single sign on.
Click Enable.
Raise a request with the support team to enable SSO for your account.
Once your request is approved, Select the identity provider :

Enable Identity Providers

MoEngage currently supports the following Identity Providers(IdP):

Okta
Google
One Login

info	Note Even if your identity provider is not listed here, it should work with any SAML 2.0 compliant provider. Select Other from the identity provider list and configure your IdP.

Set up Okta SSO

Ensure:

You are an org admin for your organization in MoEngage.
You are able to configure your organization in Okta.

To set up SSO with Okta:

Navigate to the Okta admin dashboard.
Click Add Applications.
Click Create New App.
Select SAML 2.0.
Enter a name for the app and optionally upload a logo.
Enter the Single Sign On URL (ACS URL) and Audience URL (Entity Id).
Change the Application username to Email.
In the SSO settings for MoEngage, select Okta as the IdP.
Enter the Entity ID and ACS URL.
Copy and paste the details configured in Okta.
If you'd like, you can download the Identity Provider metadata.

Screenshot_2019-11-05_at_12.42.11_PM.png

8. On MoEngage, paste the metadata and click Continue.

9. Click Enable to enable SSO via Okta.

Screenshot_2019-11-04_at_1.14.38_PM.png

10. Confirm and choose to inform teammates about the new login process

Screenshot_2019-11-14_at_1.13.02_PM.png

Set up Google SSO

Ensure:

You are an admin for your app in MoEngage.
You are an administrator for your GSuite organization

To set up SSO with Google:

Navigate to Apps in the GSuite admin console and select SAML apps.
Click + at the bottom right corner to add a SAML app.
In the popup, click Setup my own custom app.
Continue through the app creation.
Enter a name and description and optionally upload the logo for easy recognition.
In the next step, you will be prompted for the "ACS URL" and "Entity ID".
For the Entity ID and ACS URL, choose Google as your identity provider in the SSO settings on MoEngage and paste the details into the Google console.
For the ID Format, select email from the drop-down.
Select Signed Response.
Click Finish to save the app.
Download the IDP metadata.
Upload the metadata file in MoEngage and click Save.
Click enable to enable SSO via Google.
Confirm and choose to inform the teammates about the new login process.

Set up OneLogin SSO

Ensure:

You are an admin for your account in MoEngage.
You must be able to configure the organization in OneLogin.

To set up SSO with OneLogin:

On the OneLogin portal, navigate to Applications and click Add App.
Search for SAML and select "SAML Test Connector (IdP w/ attr w/ sign response)".
Enter the name "MoEngage" and save the app.
In the configuration sections of this app, fill out the form.
For the form, choose OneLogin as your identity provider in the SSO settings on MoEngage and paste the details (Audiences, ACS (Consumer) URL Validator, ACS Consumer URL, and SSO URL) in the OneLogin portal. Click Save.
From the menu More Action, select SAML metadata. This downloads a file.
Upload the metadata file in MoEngage and click 'Save'.
Click Enable to enable SSO via OneLogin.
Confirm and choose to inform the teammates about the new login process.

Login with SSO

Select Login using SSO on the login screen.

Enter your email address.

Frequently Faced Issues

1. Facing an issue while logging in?

Screenshot_2019-10-16_at_2.55.10_PM.png

Authentication Failed?

This generally happens when the SAML authentication with the Identity Provider fails. Please reach out to your identity provider for details.

Persistent Error

MoEngage supports the admin login using an email id - password combination. The Admin can go back to the Single Sign On screen (Go to settings > Security Settings) and disable SSO.

2. Facing an issue while uploading the config file?

This generally happens when the uploaded XML file is invalid. Try again with the correct XML file. If the issue persists, check with your identity provider.

info	Enable SSO for my account Please contact support@moengage.com to enable SSO for your account.