Enabling Single Sign-On

Overview

Single Sign On (SSO) delegates authentication to a 3rd party identity provider such as Okta, Google Workspace, or Azure AD. Abbey supports SSO via the use of a standardized authentication protocol, SAML.

Abbey currently supports SSO via Google Workspace and Okta, with more providers on the way.

Setup

Google Workspace

1. Navigate to the SSO Page under

1. Go to Google Workspaces and navigate to Apps -> Web and mobile apps

1. Click Add app -> Add custom SAML app

1. Enter in basic details about your SAML Application

1. Now you'll be presented with a screen in the Google Admin console with Identity Provider information. Use that to create a new SSO connection in Abbey.

1. Click on New SSO Connection and fill in the information presented above

1. Now you'll see your new SSO connection. Click on it to get the URLs needed by Google Workspaces to finish the SSO connection process.

1. Copy over those values into the next screen for the Google Workspace setup

1. Finish the wizard

1. Grant permission to users who you want to grant Abbey access to the permission to use the new SAML app you created

1. Click the Activate slider to activate the SAML Connection. Confirm in the modal.

Okta

1. Navigate to the SSO page

1. Create a new SSO Connection but do not fill in the IDP SSO URL, IDP Entity ID, and IDP Certificate fields

1. Once you create the connection, click on it to find metadata associated with the SAML SSO Connection

1. Navigate to the Applications screen underneath the Applications sidebar entry

1. Click Create App Integration and select SAML 2.0 for the app integration type

1. Give your SAML Integration App a name and click Next

1. Copy/paste the values shown in the Abbey SSO SAML Connections Screen into this Okta screen. The ACS Provider URL corresponds to the Single sign-on URL in Okta and the SP Entity ID corresponds to the Audience URI (SP Entity ID) field in Okta. Hit Next.

1. Click the radio button for "I'm an Okta customer adding an internal app" and fill in the other fields as you see fit. Then finish the process. This completes the Okta end of the setup.

1. Go to your Applications and click on the new Application you just created. Click on the Sign On tab. Scroll down under the SAML 2.0 section until you see the "Show Details" text. Click it to see relevant SAML details that you will need to copy/paste into Abbey to complete the Abbey side of the SAML connection.

1. Copy the Sign on URL field into the Abbey IDP SSO URL field, copy the Issuer URL into the Abbey IDP Entity ID field and copy the Signing Certificate into the IDP Certificate field. Then hit Update.

1. Once you see your SAML connections, activate your new SAML Connection

Using Single Sign On

Simply put the email address associated with your user into the login screen, and Abbey will check to see if you are logged in with your IDP.

If the user has an active session, they'll proceed seamlessly. If not, they'll be asked to log in, after which they'll be signed into Abbey.