How to Set Up SAML SSO for Parabol
Parabol offers Single Sign On (SSO) for Enterprise users who require advanced authentication. It allows your business to control access to Parabol through an Identity Provider such as Okta, Google, Microsoft Entra ID, and many more. Many identity providers act as gateways where users can see all the apps (AKA Service Providers) supported by their company and login with a single click.
Getting set up with SSO is easy!
- Start the chat with our friendly Customer Success team. They’ll ask you to provide a list of domains (i.e. the part after the @ in your email) that you’d like to claim. Most companies only have one, e.g.
acme.com
, but some may have a few likecontractors.acme.com
- Visit the Authentication page in Parabol. From your Organizations page, click your Organization, and then click the Authentication tab. You’ll see your list of claimed domains at the top.
- In the following section, copy the URLs and paste them into your Identity Provider. The URLs don’t need to be kept secret, but ACS URL and Entity ID are custom to your organization.
- When setting up Parabol in your IdP, make sure to include an attribute called
email
(oremailaddress
) that includes the email address of the user. If you’re not sure what this means, we’ve got you! The Troubleshooting section below shows a few screenshots of what your config should look like for different Identity Providers. - When you’re done setting up Parabol in your Identity Provider, they’ll give you a Metadata URL. Copy that, paste it into the final section of the Parabol Authentication page, and click “Update Metadata”. A pop-up will appear asking you to login through your Identity Provider. Once you do, you and your users are all set! No need to come back to this page, this Metadata URL (and its contents) won’t ever change, even if you update parts of your app.
If you’re still stuck after looking at this walkthrough (it happens to the best of us) feel free to reach out to your account manager at Parabol for further help.
How do I include an email address attribute in my Identity Provider?
While other apps change their appearance all the time, here’s what it looks like in Q4 2023. Clicking “Update Metadata” and successfully logging in will “flip the switch”