# Enabling Single Sign-On

## Overview

Single Sign-On (SSO) delegates authentication to a third-party identity provider (IdP) such as Okta, Google Workspace, or Azure AD. Abbey supports SSO through SAML, a standardized authentication protocol.

Abbey currently supports SSO via Google Workspace and Okta, with more providers on the way.

## Setup

* [Set up SSO with Google Workspace](#google-workspace)
* [Set up SSO with Okta](#okta)
* [Using SSO](#using-single-sign-on)

### Google Workspace

1. Navigate to the SSO Page under <https://app.abbey.io/>

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2F1nMfrk2utqmKOyRyb8BO%2FScreenshot%202023-09-08%20at%204.27.24%20PM.png?alt=media&#x26;token=f758a748-d264-4bf7-b5bb-f8b576703bb5" alt=""><figcaption><p>SSO Connections</p></figcaption></figure>

2. Go to Google Workspace and navigate to Apps -> Web and mobile apps

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FNEyHzByptHFOSz7wOOBx%2FScreenshot%202023-09-08%20at%204.28.22%20PM.png?alt=media&#x26;token=c75c0b32-fea0-4ed8-8377-7cc6ae3ef193" alt=""><figcaption><p>Web and Mobile Apps</p></figcaption></figure>

3. Click Add app -> Add custom SAML app

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FTOVywdNLn4a53e0hROuB%2FScreenshot%202023-09-08%20at%204.28.32%20PM.png?alt=media&#x26;token=5234c2de-2fd2-4ac9-98db-8c36d14314c5" alt=""><figcaption></figcaption></figure>

4. Enter basic details about your SAML Application

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2Fy2aNVoRM3HTCmkc5s3O1%2FScreenshot%202023-09-08%20at%204.29.15%20PM.png?alt=media&#x26;token=2d104bac-5d5d-4e26-9526-5c289b33528e" alt=""><figcaption><p>Basic App Info</p></figcaption></figure>

5. Now you'll be presented with a screen in the Google Admin console with Identity Provider information. Use that to create a new SSO connection in Abbey.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FDkRg8IbhzZgtmE65C7Uq%2FScreenshot%202023-09-08%20at%204.32.43%20PM.png?alt=media&#x26;token=cff722d8-5040-4717-9ed3-88fa74ae0615" alt=""><figcaption><p>Identity Provider Metadata</p></figcaption></figure>

6. Click on *New SSO Connection* and fill in the information presented above

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2Fsbmw29lY7Lt15HgLdZzO%2FScreenshot%202023-09-08%20at%204.33.04%20PM.png?alt=media&#x26;token=f99c7909-ee4a-4c39-8c77-a2fe3d415298" alt=""><figcaption><p>New SSO Connection</p></figcaption></figure>

7. Now you'll see your new SSO connection. Click on it to get the URLs needed by Google Workspace to finish the SSO connection process.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FO9XiSzDA6agdCCMSrgzD%2FScreenshot%202023-09-08%20at%205.01.57%20PM.png?alt=media&#x26;token=aa27238f-3026-4f65-b7ea-aa11427bf372" alt=""><figcaption><p>Connection Created</p></figcaption></figure>

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FUTeaSc56V4XqvQ1O00ku%2FScreenshot%202023-09-08%20at%205.04.07%20PM.png?alt=media&#x26;token=897917f4-8681-4578-a9be-9913aacad2db" alt=""><figcaption><p>URLs needed by Google Workspace</p></figcaption></figure>

8. Copy over those values into the next screen for the Google Workspace setup

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2F14mnz1NnwxRsbfrZ2TdO%2FScreenshot%202023-09-08%20at%205.04.36%20PM.png?alt=media&#x26;token=71a3a33e-f50c-49c4-a8ff-60bac470fbce" alt=""><figcaption><p>Service Provider Details</p></figcaption></figure>

9. Finish the wizard

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FFy2tIfmk6qdbyGa4S6vi%2FScreenshot%202023-09-08%20at%205.04.52%20PM.png?alt=media&#x26;token=ee6fbcb0-3f32-4b9b-bdff-0608bf93c56f" alt=""><figcaption><p>Finish the wizard</p></figcaption></figure>

10. Grant the users who should have access to Abbey permission to use the new SAML app you created

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2Fu1O9Wu1Wd1otAhY3fYcz%2FScreenshot%202023-09-08%20at%205.05.27%20PM.png?alt=media&#x26;token=d87d6eeb-c8a3-4011-9ad1-bf009bb28566" alt=""><figcaption><p>Example of turning Abbey on for everyone</p></figcaption></figure>

11. Click the *Activate* slider to activate the SAML Connection. Confirm in the modal.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FNZKBreZPjBStt8EcimoY%2FScreenshot%202023-09-08%20at%205.02.13%20PM.png?alt=media&#x26;token=292be98d-5a9c-449e-9f34-b27b1224bc99" alt=""><figcaption></figcaption></figure>

### Okta

1. Navigate to the SSO page

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2F1nMfrk2utqmKOyRyb8BO%2FScreenshot%202023-09-08%20at%204.27.24%20PM.png?alt=media&#x26;token=f758a748-d264-4bf7-b5bb-f8b576703bb5" alt=""><figcaption><p>SSO Connections</p></figcaption></figure>

2. Create a new SSO Connection but do not fill in the IDP SSO URL, IDP Entity ID, and IDP Certificate fields

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FxFO9aPyTPUiZCACS2v0y%2FScreenshot%202023-09-25%20at%205.37.08%20PM.png?alt=media&#x26;token=59a256aa-8673-4bec-b994-441d6fa4e91b" alt=""><figcaption><p>New SAML SSO Connection</p></figcaption></figure>

3. Once you create the connection, click on it to find metadata associated with the SAML SSO Connection

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FNAeq9t8QVSTpdEglAxAe%2FScreenshot%202023-09-25%20at%205.37.37%20PM.png?alt=media&#x26;token=dfda39a8-bad0-4337-b78e-c77d471758f6" alt=""><figcaption><p>SSO SAML Connection Details</p></figcaption></figure>

4. Navigate to the Applications screen underneath the Applications sidebar entry

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2F4ADM6zA277rDzUR7EiMw%2FScreenshot%202023-09-25%20at%201.47.09%20PM.png?alt=media&#x26;token=d3656f5c-281c-4008-9cc0-b8bc270ba954" alt=""><figcaption><p>Applications -> Applications</p></figcaption></figure>

5. Click Create App Integration and select SAML 2.0 for the app integration type

<div><figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FAwHqtlVeSd93oYkSBg7J%2FScreenshot%202023-09-25%20at%201.47.35%20PM.png?alt=media&#x26;token=707a2eed-d96a-4cc3-826a-311519c3fe17" alt=""><figcaption><p>Create App Integration</p></figcaption></figure> <figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FEC7KsjEe68jY4bFlrBLp%2FScreenshot%202023-09-25%20at%201.47.48%20PM.png?alt=media&#x26;token=11ffe305-4bdf-4fc4-bfc7-af765baad654" alt=""><figcaption><p>SAML 2.0 Integration Type</p></figcaption></figure></div>

6. Give your SAML Integration App a name and click Next

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2F5hdpUZCRFeFywettViSS%2FScreenshot%202023-09-25%20at%201.48.03%20PM.png?alt=media&#x26;token=a9252a11-f332-4b9e-9c1a-4a65405837a8" alt=""><figcaption><p>SAML Integration General Settings</p></figcaption></figure>

7. Copy/paste the values shown in the Abbey SSO SAML Connections Screen into this Okta screen. The ACS Provider URL corresponds to the Single sign-on URL in Okta and the SP Entity ID corresponds to the Audience URI (SP Entity ID) field in Okta. Hit Next.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FU9udUodzCfDNbkOEJbWM%2FScreenshot%202023-09-25%20at%202.11.17%20PM.png?alt=media&#x26;token=85d1bd6f-3ac8-4e2f-a41a-4313064bba1f" alt=""><figcaption><p>Fill in general SAML Settings Values</p></figcaption></figure>

8. Click the radio button for "I'm an Okta customer adding an internal app" and fill in the other fields as you see fit. Then finish the process. This completes the Okta end of the setup.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FMfjqtt3Q7f3TdKdGRwCp%2FScreenshot%202023-09-25%20at%202.11.41%20PM.png?alt=media&#x26;token=2b29daab-83b1-4b21-9f5a-3b7448b6bb76" alt=""><figcaption><p>Okta Support Information</p></figcaption></figure>

9. Go to your Applications and click on the new Application you just created. Click on the Sign On tab. Scroll down under the SAML 2.0 section until you see the "Show Details" text. Click it to see relevant SAML details that you will need to copy/paste into Abbey to complete the Abbey side of the SAML connection.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FFoWHYwAvTi1PABTO46pr%2FScreenshot%202023-09-25%20at%205.36.05%20PM.png?alt=media&#x26;token=be02e5aa-ffc2-4142-9df3-8ea7470dd54c" alt=""><figcaption><p>Application Sign On Tab</p></figcaption></figure>

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FuYLEGclMcya1DFJwoKjY%2FScreenshot%202023-09-25%20at%205.36.15%20PM.png?alt=media&#x26;token=4654a1eb-ff64-429f-9279-0f35730abf96" alt=""><figcaption><p>Show Details for Application</p></figcaption></figure>

10. Copy the Sign on URL field into the Abbey IDP SSO URL field, copy the Issuer URL into the Abbey IDP Entity ID field and copy the Signing Certificate into the IDP Certificate field. Then hit Update.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FDRw9X2VzvRDIKPiWYwIR%2FScreenshot%202023-09-25%20at%205.38.27%20PM.png?alt=media&#x26;token=fb9b949c-b7da-4b54-a544-b2ec5dd7c862" alt=""><figcaption><p>Finish Abbey SAML Connection Details</p></figcaption></figure>

11. Once you see your SAML connections, activate your new SAML Connection

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FUjhoJBjCYiCNQ5m5kpFy%2FScreenshot%202023-09-25%20at%205.40.09%20PM.png?alt=media&#x26;token=825a81fc-ca03-41da-9d8b-9d361acd6bc7" alt=""><figcaption><p>Activate your SAML Connection</p></figcaption></figure>
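Both procedures end with three identity provider values pasted into Abbey by hand (IDP SSO URL, IDP Entity ID, IDP Certificate). The following pre-flight check is an added example, not part of Abbey's product or documentation: it flags a non-HTTPS SSO URL, an empty Entity ID, or a certificate damaged by copy/paste, and returns a SHA-256 fingerprint to compare against the one your identity provider shows, where it shows one. The function names and sample values are assumptions made for illustration, and the check covers PEM structure only, not X.509 validity or expiry.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem):
    """SHA-256 fingerprint (colon-separated hex) of exactly one PEM block."""
    blocks = PEM_RE.findall(pem)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # undo line wrapping from copy/paste
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("body is not valid base64") from exc
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_idp_values(sso_url, entity_id, cert_pem):
    """Return (problems, fingerprint) for the three IdP fields."""
    problems = []
    url = urlparse(sso_url.strip())
    if url.scheme != "https" or not url.netloc:
        problems.append("IDP SSO URL must be an absolute https:// URL")
    if not entity_id.strip():
        problems.append("IDP Entity ID is empty")
    fingerprint = None
    try:
        fingerprint = cert_fingerprint(cert_pem)
    except ValueError as exc:
        problems.append(f"IDP Certificate: {exc}")
    return problems, fingerprint

# Constructed placeholder bytes, not a real certificate: only the leading
# DER SEQUENCE tag is realistic. The URLs below are made up as well.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    problems, fp = check_idp_values(
        "https://idp.example.com/sso/saml", "https://idp.example.com/entity", SAMPLE_PEM)
    print("fingerprint:", fp)
    print("problems:", problems or "none")
```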

## Using Single Sign On

Enter the email address associated with your user on the login screen, and Abbey will check whether you are logged in with your IdP.

If you have an active session, you'll proceed seamlessly. If not, you'll be asked to log in, after which you'll be signed in to Abbey.

<figure><img src="https://1502779850-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FudoTqG501gLo2MLzBG55%2Fuploads%2FAiPBc0gLPcShwGpcDXck%2FScreenshot%202023-09-08%20at%205.03.02%20PM.png?alt=media&#x26;token=b818d87c-5640-41d7-9e82-8d8887f6a0b6" alt=""><figcaption><p>SSO Login</p></figcaption></figure>
