
Enabling Single Sign-On


Last updated 1 year ago

Overview

Single Sign-On (SSO) delegates authentication to a third-party identity provider such as Okta, Google Workspace, or Azure AD. Abbey supports SSO through SAML, a standardized authentication protocol.

Abbey currently supports SSO via Google Workspace and Okta, with more providers on the way.

Setup

Google Workspace

  1. Navigate to the SSO Page under
  2. Go to Google Workspace and navigate to Apps -> Web and mobile apps
  3. Click Add app -> Add custom SAML app
  4. Enter basic details about your SAML application
  5. You'll now be presented with a screen in the Google Admin console with Identity Provider information. Use that to create a new SSO connection in Abbey.
  6. Click on New SSO Connection and fill in the information presented above
  7. Now you'll see your new SSO connection. Click on it to get the URLs needed by Google Workspace to finish the SSO connection process.
  8. Copy those values into the next screen of the Google Workspace setup
  9. Finish the wizard
  10. Grant the users who should have access to Abbey permission to use the new SAML app you created
  11. Click the Activate slider to activate the SAML Connection. Confirm in the modal.

Okta

  1. Navigate to the SSO page
  2. Create a new SSO Connection, but do not fill in the IDP SSO URL, IDP Entity ID, and IDP Certificate fields
  3. Once you create the connection, click on it to find the metadata associated with the SAML SSO Connection
  4. In Okta, navigate to the Applications screen underneath the Applications sidebar entry
  5. Click Create App Integration and select SAML 2.0 for the app integration type
  6. Give your SAML Integration App a name and click Next
  7. Copy and paste the values shown in the Abbey SSO SAML Connections screen into this Okta screen. The ACS Provider URL corresponds to the Single sign-on URL in Okta, and the SP Entity ID corresponds to the Audience URI (SP Entity ID) field in Okta. Hit Next.
  8. Click the radio button for "I'm an Okta customer adding an internal app" and fill in the other fields as you see fit. Then finish the process. This completes the Okta end of the setup.
  9. Go to your Applications and click on the new Application you just created. Click on the Sign On tab. Scroll down under the SAML 2.0 section until you see the "Show Details" text. Click it to see the SAML details that you will need to copy and paste into Abbey to complete the Abbey side of the SAML connection.
  10. Copy the Sign on URL field into the Abbey IDP SSO URL field, copy the Issuer URL into the Abbey IDP Entity ID field, and copy the Signing Certificate into the IDP Certificate field. Then hit Update.
  11. Once you see your SAML connections, activate your new SAML Connection

Using Single Sign On

Enter the email address associated with your user on the login screen, and Abbey will check whether you are logged in with your IdP.

If you have an active session, you'll proceed seamlessly. If not, you'll be asked to log in, after which you'll be signed into Abbey.

https://app.abbey.io/