Single Sign On (SSO) delegates authentication to a 3rd party identity provider such as Okta, Google Workspace, or Azure AD. Abbey supports SSO via the use of a standardized authentication protocol, SAML.
Abbey currently supports SSO via Google Workspace and Okta, with more providers on the way.
Go to Google Workspaces and navigate to Apps -> Web and mobile apps
Web and Mobile Apps
Click Add app -> Add custom SAML app
Enter in basic details about your SAML Application
Basic App Info
Now you'll be presented with a screen in the Google Admin console with Identity Provider information. Use that to create a new SSO connection in Abbey.
Identity Provider Metadata
Click on New SSO Connection and fill in the information presented above
New SSO Connection
Now you'll see your new SSO connection. Click on it to get the URLs needed by Google Workspaces to finish the SSO connection process.
URLs needed by Google Workspace
Copy over those values into the next screen for the Google Workspace setup
Service Provider Details
Finish the wizard
Finish the wizard
Grant permission to users who you want to grant Abbey access to the permission to use the new SAML app you created
Example of turning Abbey on for everyone
Click the Activate slider to activate the SAML Connection. Confirm in the modal.
Navigate to the SSO page
Create a new SSO Connection but do not fill in the IDP SSO URL, IDP Entity ID, and IDP Certificate fields
New SAML SSO Connection
Once you create the connection, click on it to find metadata associated with the SAML SSO Connection
SSO SAML Connection Details
Navigate to the Applications screen underneath the Applications sidebar entry
Applications -> Applications
Click Create App Integration and select SAML 2.0 for the app integration type
Create App Integration
SAML 2.0 Integration Type
Give your SAML Integration App a name and click Next
SAML Integration General Settings
Copy/paste the values shown in the Abbey SSO SAML Connections Screen into this Okta screen. The ACS Provider URL corresponds to the Single sign-on URL in Okta and the SP Entity ID corresponds to the Audience URI (SP Entity ID) field in Okta. Hit Next.
Fill in general SAML Settings Values
Click the radio button for "I'm an Okta customer adding an internal app" and fill in the other fields as you see fit. Then finish the process. This completes the Okta end of the setup.
Okta Support Information
Go to your Applications and click on the new Application you just created. Click on the Sign On tab. Scroll down under the SAML 2.0 section until you see the "Show Details" text. Click it to see relevant SAML details that you will need to copy/paste into Abbey to complete the Abbey side of the SAML connection.
Application Sign On Tab
Show Details for Application
Copy the Sign on URL field into the Abbey IDP SSO URL field, copy the Issuer URL into the Abbey IDP Entity ID field and copy the Signing Certificate into the IDP Certificate field. Then hit Update.
Finish Abbey SAML Connection Details
Once you see your SAML connections, activate your new SAML Connection
Activate your SAML Connection
Using Single Sign On
Simply put the email address associated with your user into the login screen, and Abbey will check to see if you are logged in with your IDP.
If the user has an active session, they'll proceed seamlessly. If not, they'll be asked to log in, after which they'll be signed into Abbey.