![Iconmark - Blue.png]](https://learn.onboard.io/hs-fs/hubfs/Iconmark%20-%20Blue.png?width=40&height=40&name=Iconmark%20-%20Blue.png){kind=small}
Setting Up SSO for your Team Members
Single Sign On for your Identity Provider to sign in to Onboard
📌 Note: Single Sign-On (SSO) is a powerful feature that allows your team members to access Onboard using a single set of login credentials. Setting up SSO requires expertise and access to your company's single sign-on provider. It also involves some technical work to configure and implement.
Setting up Google Workspace Authentication
Step 1: Google Console: Register a new application
To learn how to register a new application with Google. During this process, Google will generate a Client ID and Client Secret for your application; make note of these.
For more details: see Google's Setting up OAuth 2.0 doc.
To create an OAuth 2.0 client ID in the console:
- Go to the API Console.
- From the projects list, select a project or create a new one.
- If the APIs & services page isn't already open, open the console left side menu and select APIs & services.
- On the left, click Credentials.
- Click New Credentials, then select OAuth client ID.
- Select the the "Web Application" application type for your project and enter the following additional information required.
Field Description Name The name of your application. (This can be anything you'd like ex. "Onboard SSO") Authorized JavaScript origins https://auth.onboard.io/ Authorized redirect URIs https://auth.onboard.io/login/callback - If this is your first time creating a client ID, you can also configure your consent screen by clicking Consent Screen. (The following procedure explains how to set up the Consent screen.) You won't be prompted to configure the consent screen after you do it the first time.
- Click Create client ID
You'll be provided with the OAuth app credentials to use in the next step.
Step 2: Provide Onboard settings for SSO
Provide Onboard with your
-
Sign In URL
(ex. https://accounts.google.com/o/saml2/idp?idpid=YOURIDPID) - User ID Attribute URL
Optional: This is the attribute in the SAML token that will be mapped to the user_id property in Auth0.
(ex. https://accounts.google.com/o/saml2?idpid=YOURIDPID) -
X509 Signing Certificate Generated by your SSO Provider
Please contact support@onboard.io and we will provide assistance setting this up.
Note: There may be other settings based on your Workspace settings. Onboard will work with your team to set it up.
Setting Up a SAML provider (custom)
In order to set up a SAML provider, you'll need to provide the Onboard team with the identity provider data.
Typically for SAML, the minimal attributes we need are:
-
Sign In URL
(ex. https://accounts.google.com/o/saml2/idp?idpid=YOURIDPID) - User ID Attribute URL
Optional: This is the attribute in the SAML token that will be mapped to the user_id property in Auth0.
(ex. https://accounts.google.com/o/saml2?idpid=YOURIDPID) -
X509 Signing Certificate Generated by your SSO Provider
Please contact support@onboard.io and we will provide assistance setting this up.
This requires an Essentials plan (with the SSO Add-on) or the Pro Plan (included), and the Onboard team will work closely with you to set it up.