Knowledge Base

⌘K
  1. Home
  2. Docs
  3. Knowledge Base
  4. Account Management
  5. SAML Single Sign On (SSO)

SAML Single Sign On (SSO)

Apptoto supports Security Assertion Markup Language (SAML) as a standard for Single Sign On (SSO).

To enable SAML, you must first create a “Group” account. If you would like to create a “Group” account, please contact support@apptoto.com.

Configuring SAML

Once you have a Group account established, and you are signed in as one of the Admins for your Group account, you can access your group’s SAML settings under Settings > Integrations > SAML Single Sign-On (SSO).

Configure SAML under Settings > Integrations > SML Single Sign-On (SSO)

To implement SSO:

  1. Navigate to Settings > Integrations > SAML Single Sign-on (SSO)
  2. Turn on SAML Enabled
  3. Enter your SAML SSO URL.
  4. Enter your SAML Certificate from your SAML server. X.509 certificates are supported and should be in PEM format.
  5. Click “Save SAML Settings”

Configure your SAML Service

You will now need to configure your SAML server to allow logins from Apptoto. This process will vary depending on the SAML service, however there are a few key pieces of information you may need to know. Including…

  • The SAML Assertion Consumer Service (ACS URL):
    • https://www.apptotostaging.com/saml/consume
  • Audience Restriction URL:
    • apptoto.com/saml/consume
  • SSO Method
    • SP (Service Provider) Initiated
  • Unique User Identifier:
    • Email

Logging in via SAML

Once you have enabled SAML in Apptoto and on your SAML server, you can try logging into Apptoto via SAML.

To do so, find the Apptoto Group Signup Page url on the Settings > Users tab here:

Apptoto group signup page once SAML has been enabled.

Copy that URL and paste it into the URL box of a different browser session. You should see this link available:

Once SAML is set up for a group account. the signup page will display an option to sign in with SAML SSO

Clicking that link will begin the Service Provider Initiated authentication flow.

If you authenticate using that authentication flow, you should be logged back into your Apptoto account. If the email address you authenticate with does not exist as a user in Apptoto, then a new user will be created in your Apptoto group account using the settings configured on the Settings > Users > Group Signup Page settings.

Requiring SAML SSO

If you would like your users to only be able to log into Apptoto using SAML, then turn on the “Require SAML SSO” on the Settings > Integrations > SAML Single Sign-On (SSO) tab.

NOTE: This setting applies to both admin and regular users. So make sure that you can sign into Apptoto via SAML before turning this on.