Your organization can sign on with a single click (and avoid security headaches) thanks to available Single Sign-On for all SAML 2.0 standard IdPs.
Single Sign-On lets users access POPin using your organization's user database or Identity Provider rather than POPin managing separate passwords for the users.
POPin SSO uses the XML-based Security Assertion Markup Language (SAML 2.0) protocol for single sign-on into POPin from a corporate portal or identity provider.
The identity provider performs most of the work to set up single sign-on (SSO).
- Establish a SAML identity provider and gather information about how they connect to POPin.
- The identity provider provides Identity Provider (IdP) Metadata XML file containing configuration settings to POPin.
- POPin provides Service Provider (SP) Metadata XML file containing URLs for the start page, encryption key, and other settings to your identity provider.
- POPin enables the integration in your organization's setting after testing is completed.
Supported Identity Providers
- One Login
- Ping Identity
- Other SAML 2.0 compliant providers
- Administrator level access to your organization's POPin account.
- Ensure your organization SAML 2.0 Identity Provider (IdP) is setup with a valid IdP Metadata XML. You can use either a URL to the IdP Metadata XML that you host or upload the Metadata File.
- Before enabling this authentication, validate the Metadata URL you entered or Metadata File you selected is correct by clicking the 'Verify' function.
Step 1: Configure
To get started configuring Single Sign-On, visit Enterprise Dashboard > Settings Tab > Authentication then click on the 'SAML 2.0 Single Sign-on (SSO) option.
- Provide us with your IdP metadata XML
You can upload your IdP metadata XML file or add the URL to the file that you host publicly so we can configure your certificate and your SAML binding in our SSO service.
- Configure your IdP with our SP settings
You can download our SP metadata XML and upload the file to your IdP. Or you can add the settings (SSO URL, ACS URL, Name ID Format, and Required User Attributes) manually in your IdP configuration.
Step 2: Verify
Once you complete the previous step, click "Verify" to test that the settings are configured correctly.
Step 3: Enable
After you successfully verified the configuration, click "Enable" to switch the default login method to SAML 2.0 / SSO.
Will the POPin user experience change when migrating to SSO from my current POPin authentication method?
No, SSO only simplifies the login process to use your organization's SSO credential instead of POPin's username and password.
What SAML versions are supported?
Where can I find your SP Metadata XML or SP Settings?
You can find the SP settings specific to your organization in the Enterprise Settings > Authentication page accessible if you're the owner or administrator of your organization's POPin account.
Do you support Just In Time (JIT) provisioning?
Yes, users who successfully logged in using your organization's SSO credential will be provisioned in POPin if it does not already exist and can start using POPin immediately.
What happens to my existing POPin username/password?
You no longer have to use your POPin username and password to login to POPin once SSO is enabled in your organization.
Do you support both SAML and POPin username/password login?
No, once a user is SAML enabled, they will not be able to login with their POPin username and password.
Is SAML configurable on a per user basis?
No, all users belonging to a SAML enabled domain will be required to use SAML authentication.
What happens to users on my team that do not belong to our claimed domains?
Turning on SSO will only affect users of the claimed domain. Any users that are using e-mail addresses on other domains will not be affected, however they may have limited access because they are not part of your organization.
What is your SSO URL?
if you're the owner or administrator of your organization's POPin account, you can go to Enterprise Settings > Authentication page to obtain the SSO URL specific to your organization.
What is your ACS URL?
If you're the owner or administrator of your organization's POPin account, please go to Enterprise Settings > Authentication page accessible to obtain the SSO URL specific to your organization.