Single Sign-On Overview

  • Updated
Act-On supports Security Assertion Markup Language (SAML) as a method to log into the platform. With this feature enabled, you can use Single Sign-On (SSO) for authentication instead of logging in directly. Users sign in to an external Identity Provider (IDP) and access Act-On with a click of a button. If the user is on multiple Act-On accounts, they will see a screen that lists each with an option to sign in.

Please note: SAML is not enabled by default. You can contact Support for more information about enabling it. If you are using Azure there are some additional steps required to configure a SAML Identity Provider before setup.

How to Setup SSO

Please consider the restrictions listed in the Limitations section below before requesting this feature.

If you are ready to start the process please send Support the following:

  • Your Identity Provider (IDP) metadata (xml file). This must include an Entity ID.
  • A Signature signing certificate (TXT file)

We will then send back our SAML Service Provider (SP) metadata (XML file). This will include our Entity ID, which can vary depending on your region. Once this data has been exchanged, we can deploy the configuration changes to our SAML server.

Finally, we arrange a date and time to 'switch on' the feature and provide the last instructions on how to register the SSO users within the Act-On platform.

Act-On SAML service has a 2-hour refresh requirement, so users will need to refresh their IDP session. Most IDPs do this automatically, however, Azure does not and it requires session management to be set up.

Limitations

There are a few restrictions to using this setup

  • You cannot use Act-On's standard login feature to access the platform
  • You cannot view/reset/change your Act-On password through the platform
  • You cannot use the Act-On Anywhere plugin with SSO users.
  • You cannot authenticate to the API with SSO users. 
    • This includes using external tools that use the API such as Zapier.

If API access is needed, we can set up a non-SSO user that can be dedicated to those integrations.

 

 

Was this article helpful?

Have more questions? Submit a request