Set up single sign on

From Activepedia
Jump to navigation Jump to search

```mediawiki Navigation: Main_Page > Settings > Security > Set up single sign-on

Set up single sign-on for your ActiveCampaign account[edit | edit source]

Introduction[edit | edit source]

Single sign-on (SSO) is a vital feature for organizations looking to enhance their user experience and security. With SSO, users can access multiple applications, including ActiveCampaign, using a single set of credentials provided by an identity provider (IdP). This eliminates the need to manage multiple usernames and passwords, thus streamlining the login process.

In the context of ActiveCampaign, setting up SSO allows admins to integrate with various SAML (Security Assertion Markup Language) compliant identity providers such as Okta or Microsoft Entra ID (Azure AD). This feature is particularly crucial for businesses utilizing a corporate network that requires secure and efficient access to applications.

With this feature, organizations gain tighter control over user authentication, and improve compliance with corporate security policies. The ability to enforce SSO can reduce potential vulnerabilities associated with using separate login credentials for each service.

How to Access This Feature[edit | edit source]

To set up SSO in ActiveCampaign, you must have admin privileges within your account. Follow these steps to access the SSO settings:

  1. Log into your ActiveCampaign account as an Admin user.
  2. Navigate to the Settings by clicking on the gear icon.
  3. Select the Security option from the menu.
  4. Find the Single Sign-On option to begin the setup process.

Step-by-Step Instructions[edit | edit source]

Setting up SSO involves several specific steps depending on the identity provider you choose. Below are general instructions for connecting your ActiveCampaign account to a SAML-based identity provider:

General Instructions for SAML-Based Identity Provider[edit | edit source]

1. Log in to your identity provider’s account and create a new application. 2. In a new tab, log into your ActiveCampaign account as Admin. 3. Click on Settings (gear icon) > Security. 4. Locate the Single Sign-On toggle and set it to On. 5. Choose your desired Sign In Method from the dropdown options: 

  - **Hybrid Login**: Allows users to use SSO or Email and Password.
  - **Enforce Single Sign-on**: Requires users to log in using SSO only.

6. Enter the name of the identity provider in the Name of Secure Login Provider field. 7. Copy the Sign-on URL and paste it into your identity provider's settings where required. 8. Copy the Audience URI (SP Entity ID) and paste it into your identity provider's settings. 9. Locate the SAML metadata in your identity provider's settings. Copy and paste this metadata into the SAML metadata field in ActiveCampaign. 10. Click the Save button to complete the setup.

Configuration Options and Settings[edit | edit source]

When configuring SSO, there are several settings to be aware of:

  • **Sign In Method**: Choose between Hybrid login or Enforce Single Sign-on based on your organization's preferences.
  • **Name of Secure Login Provider**: Specify a defining title for your IdP.
  • **Sign-on URL**: The URL provided by your identity provider for SSO to function correctly.
  • **Audience URI (SP Entity ID)**: This serves as a key identifier for your ActiveCampaign account in the SSO integration.
  • **SAML Metadata**: Including the SAML metadata allows your identity provider to communicate seamlessly with ActiveCampaign.

Best Practices and Tips[edit | edit source]

- Always test your SSO setup before logging out of ActiveCampaign. This ensures that your settings are correctly configured and reduces the risk of being locked out of your account. - Instruct your users on how to access ActiveCampaign via the identity provider to minimize confusion. - Consider enforcing re-authentication for each login to increase security when using an identity provider. - Regularly review your SSO configuration and user assignments to ensure compliance and security are maintained.

Common Use Cases with Examples[edit | edit source]

1. **Corporate Environments**: A business using Microsoft Entra ID can simplify logins for all employees by configuring SSO, allowing them to access ActiveCampaign after logging in via their corporate credentials. 2. **Security-Focused Organizations**: Firms that value data security could implement two-factor authentication alongside SSO to further enhance user protection. 3. **Educational Institutions**: Schools using a centralized IdP can streamline access for students and faculty, ensuring seamless entry into learning management systems and ActiveCampaign for marketing communications.

Troubleshooting Section[edit | edit source]

In case of issues during the SSO setup or login:

- Check that all required fields are filled out correctly, especially the **Sign-on URL** and **Audience URI**. - Verify that the metadata from the identity provider has been pasted accurately into ActiveCampaign. - Ensure all users are assigned correctly within your identity provider's application configurations. - If users experience login issues, have them check their credentials and attempt using a different browser or incognito mode.

Related Features[edit | edit source]

- Automations: Streamline user engagement following successful logins. - User Management: Organize contact groups and permissions for users authenticated through SSO. - Security Settings: Maintain overall account security measures alongside SSO.

FAQ[edit | edit source]

Q1: What happens if I forget to test the SSO settings after configuration? A1: Not testing your SSO settings can result in users being locked out of their accounts if configurations are incorrect.

Q2: Can I still use passwords with SSO? A2: Yes, if you choose the **Hybrid Login** method, users can utilize both SSO and traditional login methods.

Q3: What identity providers are supported for SSO? A3: ActiveCampaign supports various SAML providers including Okta, Auth0, Microsoft Entra ID (Azure AD), and OneLogin.

Q4: Will activating SSO affect my two-factor authentication? A4: No, activating SSO will not interfere with two-factor authentication settings already in place.

Q5: How do I troubleshoot an SSO login error? A5: Ensure that the configuration settings are correct and that all users have the appropriate permissions assigned within the identity provider’s application.

Q6: Can I revert to regular logins after setting up SSO? A6: Yes, by changing the Sign In Method back to traditional email and passwords in your ActiveCampaign settings.

Q7: Are there any material requirements for setting up SSO? A7: Yes, a SAML-compliant identity provider is necessary for SSO functionality to work with your ActiveCampaign account.

By following this comprehensive guide, administrators can efficiently set up and manage single sign-on authentication for ActiveCampaign, thus enhancing both security and user experience. ```

Retrieved from "https://activepedia.com/index.php?title=Set_up_single_sign_on&oldid=208"