An overview of SSO integration information for Conga Collaborate.
SAML enables you to log in to multiple software platforms from one central location, meaning you don’t have to remember multiple usernames and passwords. SAML will authenticate your accounts and enable your systems to communicate and to authenticate users from one to the other.
It’s also a powerful onboarding tool: Accounts can be set up automatically with auto user provisioning. Users can be mapped to Collaborate just by logging in using their Identity Providers credentials, instead of having to set up hundreds of user accounts within Collaborate.
Connecting From Collaborate
Follow these steps to connect SAML to your Collaborate account:
- Click on your User Drop down then select Administration.
- Click Integrations.
- Choose SAML from the Integrations menu.
- Click the checkbox next to Enable SAML.
- Fill out the following fields according to your Identity Provider’s (IdP) documentation:
- Provider Name – This field is for your reference so name it something familiar to you or any other Account Admins
- IDP SSO Target URL
- IDP Certificate Fingerprint – You can optionally upload a certificate provided by your IdP
- The remaining fields are optional and vary depending on individual IdPs. Please refer to your particular IdP’s documentation.
- Click Save Changes.
Alternatively, you can utilize the Metadata URL field to have Collaborate automatically pull the required information directly from your IdP. This URL would be provided by your IdP. The metadata file will contain all the required information about your particular IdP’s configuration.
Authentication: Collaborate will utilize the Subject NameID field within the SAML assertion to authenticate with the specific Collaborate user. Collaborate will match on an email address or username, but an email address is preferred. Please ensure you are passing NameID in the Subject or you will get the following error message: No associated Collaborate account was found. Please contact your account administrator.
Connecting from Your IDP
The SAML Configuration Information at the bottom of the SAML Integration page should contain the URLs that your IdP will require when setting up the integration.
Automatically Initiate SP Login: by enabling this setting your users navigating to the https://[accountname].octiv.com (or your custom domain) will be automatically redirected to your IdP login screen. If your users will only ever log into Collaborate through your IdP you should likely enable this option.
Auto-Provision users: by enabling this option Collaborate will automatically create users within your Collaborate account for any user that tries to log in and does not already match a current Collaborate user. Collaborate will make its best guess from the SAML Attributes provided and associate to the proper User fields within Collaborate. However, if you want to specify the actual fields to use, you can utilize the Attribute Mapping fields directly below the Auto-Provision Users setting
Using this integration through Collaborate and Salesforce (for example) makes Salesforce the Identity Provider (IdP). After you enable this integration, you see a separate link asking you to sign on using Salesforce. Entering your credentials confirms you as the user and redirects you to Collaborate.
After sign-in, you’re authenticated by SAML and have reached out to all service providers involved.
Using SAML can also auto-provision users in Collaborate, meaning that all accounts are managed via the identity provider. Use the auto-provision toggle to set this feature.
Because your email address is your user identification, you need to make sure you’re using the same one in all the systems you connect.
You can use any SAML 2.0 identity provider, including Salesforce, Microsoft ADFS, Okta, and Onelogin.
For more information on SAML integration, see SAML: Integrating with Conga Collaborate
Collaborate supports the Google oAuth2.0 protocol for authentication and authorization. See Google’s documentation on this here.