SSO is included in the Core, Advanced, and Enterprise Plans. If you're not sure if your plan includes SSO, please contact your Account manager.
Okta
To set up Sendoso with Okta, you'll need to add the Sendoso application in Okta by following the steps below. Once you have these completed, connect with our team to finish the setup!
Supported Features:
- SP-initiated SSO
- IdP-initiated SSO
- Just-in-Time Provisioning
- SCIM Provisioning
Configuring Okta
*Note - in a few steps, you'll need to define a unique connection name. We'll use your company name (ex. sendoso, okta, auth0), however, since these are unique it can't be the same as another connection. If you're concerned about potential overlap or you've migrated to a new Okta instance please connect with our support team first.*
From the Okta Admin Dashboard, click Applications, then Browse App Catalog.
Next, search for Sendoso and click on the Sendoso SAML option.
Then hit, + Add Integration.
Review the application label field, by default it will be Sendoso (this is what Okta users will see). Then hit Done.
After clicking done, navigate to the 'Sign On' tab, and click 'Edit' under Settings.
Scroll down to the 'Advanced Sign-on Settings' section, and in the Connection field input your company's name in all lowercase letters (ex. auth0, okta, sendoso) then hit save.
After hitting save, scroll back up, and under the SAML 2.0 section, click "More Details."
Copy the Sign On URL & Download the Signing Certificate.
Finally, please contact our support team to complete the setup by choosing SSO and Complete Set Up on your support request.
Be sure to include the following:
- Connection Name (the one you put in the 'connection' field):
- Sign-in URL (Copied from the step above):
- Signing Cert that was downloaded (you can attach this file when submitting the support request)
That's it! The Sendoso team will assist in completing the setup from this point.
Provisioning
If you wish to provision users, please read below. Once you have determined which method is right for you, please include that in your support request!
Here are the details for each method:
Just-in-Time Provisioning -
Sendoso will create the user from Okta when they click on the assigned application for the first time. No updates or deletions will be handled via this method.
SCIM Provisioning -
Sendoso will create the user immediately once the tile is assigned. After that, any updates to the user's profile in Okta will push to Sendoso (ie. a change to their division attribute). This method will also de-provision a user if they are removed from the application in Okta.
To get set up with SCIM, navigate to the 'Provisioning' tab and click 'Configure API Integration.'
Next, click the checkbox to Enable API Integration and then the 'Authenticate with Sendoso' button.
A pop-up will appear asking you to log in (if not already). Once you do that, hit the green button to allow Okta x Sendoso.
Once authenticated, press save.
Once the page reloads, click 'Edit' in the top section of provisioning and choose what options you'd like Sendoso to handle.
Click 'Save' and you're done!
Be sure you let us know in your support request that you've chosen to enable SCIM.
Additional details about provisioning with Sendoso x Okta:
The following SAML attributes are supported -
| Attribute Name | Value |
| user_name | user.userName |
| user.email | |
| givenName | user.firstName |
| familyName | user.lastName |
| userType | user.userType |
| division | user.divison |
The division attribute (team in Sendoso), should be an exact match to the team name in Sendoso.
The userType attribute (role in Sendoso), can be any of the following: admin, department_admin, manager, or sender (all lowercase).
When using SCIM, if no values are added for userType, Sendoso will default to the lowest permission set (sender). In the event division doesn't have a value, the user will not be provisioned to any team in Sendoso and you will have to manually add them to a team.
If you elect to use just-in-time and no value is passed for userType, Sendoso will default to the lowest permission set (sender). If the division attribute is missing, Sendoso will default to a team that is chosen by you (be sure to include that in your support ticket).
Google Gsuite
This guide is to set up SSO through Google GSuite into Sendoso. Once you have completed the Gsuite setup, please contact support to complete the setup by choosing SSO and Complete Set Up on your Support Request.
Set up in Google:
- Follow the instructions for setting up OAuth 2.0.
- Set Application type as: Web Application
- Name: Sendoso
- Authorized Redirect URI: https://sendosoprod.auth0.com/login/callback
Once you have set this up, please provide the following info via support ticket:
- GSuite Domain
- Client ID
- Client Secret
Once you have this information ready to go, please contact our support team to assist with the final setup on Sendoso's side. You can contact them by clicking the orange widget at the bottom-right corner of this article.
OneLogin
This guide is to set up SSO through OneLogin into Sendoso. Once you have completed the OneLogin setup, please contact support to complete the setup by choosing SSO and Complete Set Up on your Support Request.
- Log in to the OneLogin Dashboard, and click Apps > Add Apps.
- Search for SAML, and select SAML Test Connector (IdP w/attr).
- When prompted, change the Display Name of your app. Click SAVE.
- Go to the SSO tab, and copy the values for SAML 2.0 Endpoint (HTTP) and SLO Endpoint (HTTP). Click on the View Details link at the X.509 Certificate field.
- Download the X.509 certificate onelogin.pem.
Once these steps are complete - please provide the X509 certificate, Signin URL, and Sign Out URL in a support ticket to the Sendoso support team and they will assist with finishing the connection setup. You can contact them by clicking the orange widget at the bottom-right corner of this article.
PingFederate
This guide is to set up SSO through PingFederate into Sendoso.
Sendoso will require three pieces of information:
- A Connection Name: This is going to be your company name in all lower case (ex. sendoso)
- The PingFederate Server URL: This is the server URL that we will use for SSO. (ex. https://sso.sendosoexample.com/idp/SSO.saml2)
- An x509 signing certificate: This is your PingFederate server public key that can be gathered from the PingFederate side. The method to acquire this varies depending on setup, but you can find documentation on how to download this here.
Once you have this information ready to go, please contact our support team to assist with the final setup on Sendoso's side. You can contact them by clicking the orange widget at the bottom-right corner of this article.
You will need the following pieces of information for your setup in Ping:
- Partner Entity ID: urn:auth0:sendosoprod:YOUR_CONNECTION_NAME
- ASC URL: https://sendosoprod.auth0.com/login/callback?connection=YOUR_CONNECTION_NAME
Please also make sure the EMAIL attribute statement is set up as this is will be required to complete the login to Sendoso.
Azure AD
This guide is to set up SSO through Azure into Sendoso. Once you have completed the Azure AD App Registration, please contact support to complete the setup by choosing SSO and Complete Set Up on your Support Request.
Azure Set-Up:
- If you have access to more than one tenant, choose the tenant you want in the upper right corner.
- Search for Azure Active Directory. Under Manage, choose App Registrations. Click new registration.
- When registering the application, enter "Sendoso" as the name.
- Choose who can use the application.
- Enter our callback URL in the redirect URI:
https://sendosoprod.auth0.com/login/callback - Register the app.
- Take note of the Client ID found on the App Overview screen.
- Create a Client Secret by following these steps
- Select Azure Active Directory.
- From App registrations in Azure AD, select your application.
- Select Certificates & secrets.
- Select Client secrets -> New client secret.
- Provide a description of the secret and a duration. When done, select Add.
- Set up user permissions.
Once you complete these steps, please reach out to Sendoso support and provide the following pieces of information:
- Microsoft Azure AD Domain (pictured below)
- Client ID
- Client Secret (select the "Value" option here, not the "Secret ID")
Custom SAML Configuration
If you're using your own identity provider, or prefer building a custom SAML connection, this section will help guide you through the process.
To start, you'll need to define a connection name. This is going to be your company name in all lower case (ex. sendoso). If you are an organization that may have multiple business units using Sendoso, connect with our Support Team first to confirm your connection name.
After you have the connection name, you will need the following pieces of information for your setup:
- Entity ID: urn:auth0:sendosoprod:{{YOUR_CONNECTION_NAME}}
- ASC URL: https://sendosoprod.auth0.com/login/callback?connection={{YOUR_CONNECTION_NAME}}
Make sure you update the {{YOUR_CONNECTION_NAME}} part.
Please also make sure the EMAIL attribute statement is set up as this is will be required to complete the login to Sendoso.
Sendoso will require three pieces of information:
- The Connection Name: This is going to be your company name in all lower case as mentioned previously (ex. sendoso)
-
The Sign In URL: This is the URL that we will use for SSO.
- (ex. https://sso.company.com/app/sendoso/xyz123/sso/saml)
- An x509 signing certificate
Once you have this information ready to go, please contact our support team to assist with the final setup on Sendoso's side. You can contact them by clicking the orange widget at the bottom-right corner of this article.