Single sign-on (SSO) is an authentication method that allows your users to log in to the UXCam dashboard using your existing SSO login credentials. So, with SSO you can just use one account to access all of your systems including UXCam. To start using the SSO first you need to configure the settings both in UXCam and the respective identity provider.
Please note that you should have the administrative privilege for creating applications in your identity provider and be an Owner or Manager in UXCam.
✓ Important:
To invite team members using SSO login, you need to give them access to the app you've created in your Authentication provider. Only after they have access to that app, you should add them to your organization in UXCam Dashboard.
General setup
- Log in to your identity provider account (e.g. OneLogin).
- Navigate to your applications.
- Create a new application for UXCam, it will request you to fill in some details:
- To get the Entity ID and ACS URL:
- In your UXCam account, click on your name (bottom-left corner)> Team > Click on Single Sign-On tab.
- To get the Entity ID and ACS URL:
-
-
- Copy the Entity ID and ACS URL.
- Paste them into your identity provider account where required.
- Next, copy the Single sign-on URL, the identifier or issuer URL, and the certificate from your identity provider, and paste them into the corresponding fields (SSO URL, Entity ID, and Certificate) in the Single Sign On settings tab in UXCam.
-
-
- Click Save.
- Click on Test Config to test your settings.
- Once your test is successful, enable SSO by clicking on the Enable SSO button.
- Now log out from the system and login back again using the Login with SSO option.
The navigation instructions and field names above may differ across identity providers. You can find more specific instructions for setting up applications in commonly used identity providers below:
Instructions for specific identity providers
OneLogin
Please note that you need the administrative privilege in your OneLogin instance to create a new application.
- Log in to OneLogin.
- Create a new Application.
- Create a "SAML2.0" connector.
- In the upper right, click Save.
- Click the Configuration tab.
- Copy the following fields from UXCam SSO settings page and paste them into the corresponding fields in OneLogin:
- Copy the value under the Entity ID and paste it into the Audience (Entity ID).
- Copy the value under the ACS URL and paste it into the ACS (Consumer) URL Validator and the ACS (Consumer) URL.
- In the upper right of your OneLogin account, click Save.
- Copy the following fields from OneLogin and paste them into the corresponding fields in the Single Sign On settings tab in UXCam:
- Copy the value under Issuer URL and paste it into the Entity ID.
- Copy the value under SAML 2.0 Endpoint (HTTP) and paste it into the SSO URL.
- Under X.509 Certificate, click View Details, then copy the certificate and paste it into Certificate.
- Click on Save.
- Click on Test Config to test your settings.
- Once your test is successful, enable SSO by clicking on the Enable SSO button.
Azure
Please note that you need administrative privilege to configure SSO in your application
- Log in into Azure Active Directory Admin Center with administrative privileges.
- In the left menu, click Enterprise applications, and search the one that you would like to use.
- After selecting the application, in the Manage section on the left menu, select Single Sign-on to open the panel for editing.
- Select SAML to open the SSO configuration page.
- Copy the following fields from UXCam SSO settings page and paste them into the corresponding fields in this SSO configuration page:
-
- Copy the value under the Entity ID and paste it into Identifier (Entity ID)
- Copy the value under ACS URL and paste it into Reply URL (Assertion Consumer Service URL)
-
- Click Save and head over to SAML Signing Certificate (#3)
- Click edit and in the Signing Option make sure to select Sign SAML response and assertion.
- Click Save and head over to step 4 in the SSO configuration page in Azure.
- Copy the following fields from Azure and paste them into the corresponding fields in the Single Sign On settings tab in UXCam:
- Copy the value under Login URL and paste it into the SSO URL.
- Copy the value under Azure AD Identifier and paste it into the Entity ID.
- Under SAML Signing Certificate, you will find different options for downloading the Signing Certificate. Choose one and paste it into Certificate area in UXCam.
- Click on Save.
- Click on Test Config to test your settings.
- Once your test is successful, enable SSO by clicking on the Enable SSO button.
Okta
Please note that you need the administrative privilege in your Okta instance to create a new application.
- Log in to Okta. Make sure you are in the administrative instance of your Okta developer account.
- Click Applications in the top navigation bar.
- Click Create New App.
- Select SAML 2.0 and click on Create.
- On the General Settings screen specify the App name, then click on Next.
- Copy the following fields from UXCam SSO settings page and paste them into the corresponding fields in Okta Configure SAML screen:
- Copy the value under the Entity ID and paste it into the Audience URI (SP Entity ID).
- Copy the value under the ACS URL and paste it into Single sign on URL.
- Click on Next and then Finish to complete the SAML Integration.
- Inside the Sign On tab in your application, click on View Setup Instructions.
- Copy the following fields from Okta and paste them into the corresponding fields in the Single Sign On settings tab in UXCam:
- Copy the value under Identity Provider Single Sign-On URL and paste it into the SSO URL.
- Copy the value under Identity Provider Issuer and paste it into the Entity ID.
- Under X.509 Certificate, click View Details, then copy the certificate and paste it into Certificate.
- Click on Save.
- Click on Test Config to test your settings.
- Once your test is successful, enable SSO by clicking on the Enable SSO button.
Once you have enabled the SSO, navigate to https://app.uxcam.com/login and click on the button Login with SSO and add your email address to sign in. UXCam will look up your organization’s SSO configuration and request your identity provider to sign in.
Note » SSO Sign login is only available on Enterprise plans, if you want to have access to this feature please contact team@uxcam.com
FAQ
» How can I revoke access to users that are no longer in the company?
To revoke access to users from the Dashboard you should remove them from your organization. Just go to the Dashboard > click on your name > Team > click on the pencil next to the user name > click on the trash bin to delete it. Please keep in mind that this will only remove access to the Dashboard, if you want to remove access completely, you should also do it from your Authentication provider.
» What happens if I remove a user from UXCam Dashboard, but they still have access to the authentication provider (e.g. one login)?
If you remove a user from UXCam Dashboard they won’t be able to log in, even if they still have access to the SSO login.
» What should I do to invite team members?
To invite team members using SSO login, first, you need to give them access to the app you've created in your Authentication provider, once they have access to the app you should add them to your organization in the Dashboard.
Just go to the Dashboard > click on your name > Team > Invite teammate. They will receive an email with a link to log in to UXCam using SSO.
» What happens if the certifications change?
You will need to disable the SSO and reconfigure it. If you have any trouble, please feel free to reach out to team@uxcam.com.
» What happens if I disable SSO?
If you disable SSO, each team member will receive an email and they will need to reset their password to sign in using their email address.
» Can I continue using my email and password to log in if I’ve enabled SSO?
When SSO is enabled, all members of your organization will need to use SSO to log in and will no longer be able to use their email and password.