Set Up Single Sign-On for Enterprise Organizations

📘

This feature is only available for customers on an Enterprise plan, and is restricted to Owner and Admin user roles. Please contact your Customer Support Manager or [email protected] for more information.

If the child organizations within your enterprise all use different sign on methods, you can use the Enterprise Organization Single Sign-On feature to set the same method across all your organizations. You can either set up single-sign by providing Security Access Markup Language (SAML) configuration information for your Identity Provider (IdP), or through Okta. You can find more information about SAML in the Security Access Markup Language article on Wikipedia, and in the article The Importance of RBAC and SAML for Security and Compliance from Mezmo.

Identity Provider Setup

What You Need

• The metadata file for your IdP
  OR
• The sign-in URL for your IdP
• The X.509 certificate fields from your IdP

Set the SAML Configuration

1. Log in to the Mezmo Web App.
2. Select your organization at the bottom of the left-hand navigation.
3. Click Enterprise Dashboard.
4. Click Access Management.
5. Under Sign-In Policy, enable SAML Sign-in by moving the toggle switch to the On position.
6. Under SAML Configuration, provide the metadata.xml file for your identity provider.

Manual SAML Configuration

If you prefer to manually enter your SAML configuration information:

1. Click manually configure.
2. Enter the Identity provider sign-in URL.
3. If you want to enable the option for SAML Single Logout (SLO), move the toggle switch to the On position.
4. Select and upload the X.509 certificate for your identity provider.
5. Click Save config.

Okta Setup

To set up single-sign on for your child organizations using Okta, follow the instructions in the Okta Setup section of the Organization Management topic SAML SSO.

📘

Enterprise SAML Endpoint

The URL for the Enterprise SAML endpoint is auth/enterprise-saml-consume/(enterprise_id)