All Collections
For POPin Administrators
How to configure SAML 2.0 Single Sign-On (SSO)
How to configure SAML 2.0 Single Sign-On (SSO)

If your organization has purchased a POPin enterprise subscription: Use this article to guide your SSO configuration.

POPin avatar
Written by POPin
Updated over a week ago

Your organization can Sign In to POPin with a single click (and avoid security headaches) thanks to available single sign-on for SAML 2.0 standard IdPs. Specifically, single sign-on will let your POPin team members access the app using your organization's user database or identity provider system—rather than POPin managing separate passwords that users have to remember.

SSO authentication for POPin can be enabled by your designated Administrative Account Owner (or another named Administrator) through the Enterprise Dashboard Settings screen.

Turnkey integrations

We are product ready with most major SAML 2.0 providers including: Azure, Okta, One Login, Ping Identity, and ADFS.

If your organization requires custom development work from the POPin team due to using a provider not represented on the above list, you may incur a development charge to enable SSO in your environment. Please contact our Client Success Team at support@popinnow.com or through the live Help chat so we can discuss the level of effort, and whether a development charge is necessary.

How to enable SSO authorization in POPin

POPin SSO uses the XML-based Security Assertion Markup Language (SAML 2.0) protocol for single sign-on into the app from a corporate portal or identity provider system. The identity provider system performs most of the work for the set up process.

Here are some upfront items of consideration:

  • You'll need to establish a SAML identity provider system and gather information about how it connects to POPin.

  • The identity provider system will supply an Identity Provider (IdP) Metadata XML file containing configuration settings to POPin.

  • POPin provides Service Provider (SP) Metadata XML file containing URLs for the start page, encryption key, and other settings for your identity provider system.

  • POPin enables the integration for your organization's POPin account settings after testing is completed.

Step 1: Configure

To get started with configuring single sign-on for POPin, navigate to the Enterprise Dashboard menu > Settings screen > Authentication section. Then, click on the 'SAML 2.0 Single Sign-On (SSO)' option.

  • Provide us with your IdP metadata XML
    You can upload your IdP metadata XML file or add the URL to the file that you host publicly so we can configure your certificate and your SAML binding in our SSO service.

  • Configure your IdP with our SP settings
    You can download our SP metadata XML and upload the file to your IdP. Or you can add the settings (SSO URL, ACS URL, Name ID Format, and Required User Attributes) manually in your IdP configuration.

Step 2: Verify

Once you complete the previous step, click 'Verify' to test that the settings are configured correctly. If the verify step fails, SSO will fail to properly connect when a new tab is opened in an attempt to connect.


Step 3: Enable

After you successfully verified the configuration, click 'Enable' to switch the default login method to SAML 2.0/SSO.

Watch this video tutorial to see how!

Common questions about POPin SSO

📌 Will the POPin user experience change when migrating to SSO from my current POPin authentication method?
No functionality within the app will be changed. SSO only simplifies the login process to use your organization's SSO credentials instead of a separate POPin username and password. If your SSO provider uses a different email address to assist the log-in of a user, versus the one we already have established, POPin may create an additional account using those SSO credentials. If you have questions about migrating existing accounts, feel free to reach out via support@popinnow.com.

📌 Do you support Just In Time (JIT) provisioning?
Yes. Users who successfully logged in using your organization's SSO integration will be provisioned in POPin if a user account does not already exist. Those users can start using POPin immediately. Every user will be able to create POPins unless they've been restricted via the Enterprise Dashboard.

📌 What happens to my existing POPin username/password?
You no longer have to use your POPin username and password to login to the app once SSO is enabled for your organization.

📌 Do you support both SAML and POPin username/password login?
No. Once SSO is enabled, users will not be able to login with their POPin username and password—if they created a POPin account prior to the SSO enablement.

📌 Is SAML configurable on a per user basis?
No. All users accessing POPin for domains and subdomains designated during your enterprise account set up will be required to use SSO authentication once this integration is enabled.

📌 What happens to users on my team that do not belong to our designated domains?
Turning on SSO will only affect users of the domains and subdomains designated during your enterprise account set up. Any users that are using e-mail addresses on other domains will not be affected by this integration. However, they may have limited access because they are not part of your organization or recognized as part of your enterprise subscription.

Use the live Help chat to contact our Client Success Team if you'd like additional support on any of these topics.

Did this answer your question?