Setting up other SAML IdP (SSO)

Created by Aye Myat, Modified on Mon, 9 Feb at 11:02 PM by Alsabana Sahubarali

Objective

The purpose of this article is to provide direction to Outreach Admins in configuring a SAML IdP SSO. 

Outreach is now compatible with Single Sign On (SSO) applications like Okta, Salesforce, and Onelogin. This article is specific to connecting a SAML IdP other than Okta, Salesforce and Onelogin, but if you would like to connecting those applications, you can follow the hyperlinks below:

Applies To

Outreach users with:

  • The ability to create an application inside of your IdP
  • Outreach Admin Privileges
  • If the SSO Provider is Ping Federate, it must be configured to include Certification Keyinfo=True.

Procedure

Create IdP application:

1.1 Create an application inside your IdP and use some “placeholder” values for the following typical settings:

  • ACS URL / Single Sign On URL (e.g. http://outreachfake.com)
  • Audience URI / Service Provider Entity ID (e.g. fake_change_later)

In step 3 below, you will come back to fill in the correct values for the above fields.

1.2 After creating the application inside your IdP, please take note of its “Issuer," “SP-Initiated POST Endpoint”, and the “Idp Certificate”. You will use them in Step 2.3 below.

Step 2. Create the Identity Provider inside Outreach Accounts

  1. Click Administration > User management > Sign-in.
  2. Click Edit.
  3. If it is an org without Idp setup, click Add Identity Provider
    Image_2019-06-07_at_1.54.26_PM.png
  4. Add the requested identity provider information

The information requested in this section is from step 1.2 above.

Image_2019-06-12_at_4.44.39_PM.png

Note: The above screenshot contains two advanced settings: "Use NameId Instead of Email" and "Enable just-in-time new user provision". We do NOT recommend checking these options unless the functions of each are understood and needed by your organization. You can read more on these advanced settings in Advanced Settings For Identity Provider (SSO)

2.4 Retrieve setup information from Outreach to put into your IdP provider

Now find the “Setup Info” section. Copy the  “Setup Info”: “ACS URL” and “Service Provider Entity ID” information. You will update the IdP application with this information in step 3 below.

Image_2019-06-10_at_2.20.07_PM.png

NOTE: This screenshot says “Okta”, but the screen will look similar for other other IdP applications.

Step 3. Update IdP application

Now go back to your IdP application you created in step 1, and update the application settings:

  • ACS URL / Single Sign On URL: Use the value for "(ACS) URL” from step 2.4
  • Audience URI / Service Provider Entity ID: Use the value for “Service Provider Entity ID” from step 2.4

Step 4. Enable SSO inside Outreach Accounts

4.1 Return to your Outreach account and click “Test” to see if the identity provider is set up correctly.

Image_2019-06-10_at_2.36.15_PM.png

If successful, you should see a success page. Please examine the “User email” and make sure it matches with user login email inside Outreach.

Image_2017-08-09_at_9.46.34_AM.png

4.2 Click “Back”, check “Enable”, and click “Save”.

Note: This screenshot says “Okta”, but the screen will look similar for other other IdP applications.

Image_2019-06-10_at_2.39.35_PM.png

Congrats! SSO is now enabled!



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article

Preview
0 of 0