Links
Comment on page

Enabling Single Sign-On

Overview

Single Sign On (SSO) delegates authentication to a 3rd party identity provider such as Okta, Google Workspace, or Azure AD. Abbey supports SSO via the use of a standardized authentication protocol, SAML.
Abbey currently supports SSO via Google Workspace and Okta, with more providers on the way.

Setup

Google Workspace

  1. 1.
    Navigate to the SSO Page under https://app.abbey.io/
SSO Connections
  1. 2.
    Go to Google Workspaces and navigate to Apps -> Web and mobile apps
Web and Mobile Apps
  1. 3.
    Click Add app -> Add custom SAML app
  1. 4.
    Enter in basic details about your SAML Application
Basic App Info
  1. 5.
    Now you'll be presented with a screen in the Google Admin console with Identity Provider information. Use that to create a new SSO connection in Abbey.
Identity Provider Metadata
  1. 6.
    Click on New SSO Connection and fill in the information presented above
New SSO Connection
  1. 7.
    Now you'll see your new SSO connection. Click on it to get the URLs needed by Google Workspaces to finish the SSO connection process.
Connection Created
URLs needed by Google Workspace
  1. 8.
    Copy over those values into the next screen for the Google Workspace setup
Service Provider Details
  1. 9.
    Finish the wizard
Finish the wizard
  1. 10.
    Grant permission to users who you want to grant Abbey access to the permission to use the new SAML app you created
Example of turning Abbey on for everyone
  1. 11.
    Click the Activate slider to activate the SAML Connection. Confirm in the modal.

Okta

  1. 1.
    Navigate to the SSO page
SSO Connections
  1. 2.
    Create a new SSO Connection but do not fill in the IDP SSO URL, IDP Entity ID, and IDP Certificate fields
New SAML SSO Connection
  1. 3.
    Once you create the connection, click on it to find metadata associated with the SAML SSO Connection
SSO SAML Connection Details
  1. 4.
    Navigate to the Applications screen underneath the Applications sidebar entry
Applications -> Applications
  1. 5.
    Click Create App Integration and select SAML 2.0 for the app integration type
Create App Integration
SAML 2.0 Integration Type
  1. 6.
    Give your SAML Integration App a name and click Next
SAML Integration General Settings
  1. 7.
    Copy/paste the values shown in the Abbey SSO SAML Connections Screen into this Okta screen. The ACS Provider URL corresponds to the Single sign-on URL in Okta and the SP Entity ID corresponds to the Audience URI (SP Entity ID) field in Okta. Hit Next.
Fill in general SAML Settings Values
  1. 8.
    Click the radio button for "I'm an Okta customer adding an internal app" and fill in the other fields as you see fit. Then finish the process. This completes the Okta end of the setup.
Okta Support Information
  1. 9.
    Go to your Applications and click on the new Application you just created. Click on the Sign On tab. Scroll down under the SAML 2.0 section until you see the "Show Details" text. Click it to see relevant SAML details that you will need to copy/paste into Abbey to complete the Abbey side of the SAML connection.
Application Sign On Tab

Show Details for Application
  1. 10.
    Copy the Sign on URL field into the Abbey IDP SSO URL field, copy the Issuer URL into the Abbey IDP Entity ID field and copy the Signing Certificate into the IDP Certificate field. Then hit Update.
Finish Abbey SAML Connection Details
  1. 11.
    Once you see your SAML connections, activate your new SAML Connection
Activate your SAML Connection

Using Single Sign On

Simply put the email address associated with your user into the login screen, and Abbey will check to see if you are logged in with your IDP.
If the user has an active session, they'll proceed seamlessly. If not, they'll be asked to log in, after which they'll be signed into Abbey.
SSO Login