Enterprise SSO

How to enable SSO (e.g., Okta) authentication to OneSchema for your organization

Please contact your OneSchema representative for more info on enabling SSO for your organization.

OneSchema supports single sign-on (SSO) and Security Assertion Markup Language (SAML) authentication for managing access to the OneSchema dashboard.

When you set up a SAML authentication method, only users in your organization's identity provider will be able to log in to the application. By default, all other authentication methods will be disabled.

All SAML SSO configurations support "Just In Time" (JIT) provisioning, which allows OneSchema to create users when they log in for the first time.

We support several identity providers including Okta, Microsoft, and Google.

Configuring Okta SAML / SSO

  1. From the Okta Admin Dashboard, click Create App Integration in the Applications tab.
  2. Select SAML 2.0 and continue to the General Settings form. Enter OneSchema as the name of your application.
  3. In the Configure SAML form:
    1. Input the acs_url as the Single sign-on URL. This will be provided by your OneSchema representative.
    2. Input the audience_uri as the Audience URI (SP Entity ID). This will be provided by your OneSchema representative.
    3. Select EmailAddress for Name ID format.
    4. In Attribute Statements, create two inputs:
      Name: firstName; Name format: Basic; Value: user.firstName
      Name: lastName; Name format: Basic; Value: user.lastName

  4. Save and continue, indicating that this is an internal application on the last screen. Copy the Metadata URL from the Sign On Settings tab in your newly created Okta application and share this with your OneSchema representative.
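
To confirm that the identity provider emits what the Configure SAML steps above specify, the following added example (not OneSchema's or Okta's code) lints a decoded SAML assertion from a test login for the Name ID format, Recipient, Audience, and the two attribute statements. The URLs and the sample assertion are constructed placeholders, and the script checks configuration only; it does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
# Placeholders (assumptions): the real values come from your OneSchema representative.
ACS_URL = "https://sp.example.invalid/saml/acs"
AUDIENCE_URI = "https://sp.example.invalid/saml/metadata"

# Constructed sample: wrong Name ID format and no lastName attribute statement.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ada@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example.invalid/saml/acs"/></saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.invalid/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>"""


def lint_assertion(xml_text, acs_url, audience_uri):
    """List mismatches with the Configure SAML settings; expects <Assertion> as root."""
    root = ET.fromstring(xml_text)  # parse only assertions from your own IdP
    problems = []
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match acs_url")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if audience_uri not in audiences:
        problems.append("Audience does not match audience_uri")
    attrs = {a.get("Name"): a for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    for name in ("firstName", "lastName"):
        attr = attrs.get(name)
        if attr is None:
            problems.append(f"missing attribute {name}")
            continue
        if attr.get("NameFormat") != BASIC_FORMAT:
            problems.append(f"{name}: name format is not Basic")
        if not (attr.findtext("saml:AttributeValue", default="", namespaces=NS) or "").strip():
            problems.append(f"{name}: empty value")
    return problems


if __name__ == "__main__":
    print(lint_assertion(SAMPLE, ACS_URL, AUDIENCE_URI))
```

An empty list means the assertion matches the settings in the steps above.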