Access & Authentication

SAML Implementation Checklist

IdP and SP or IdP only initiated login:

  • If you wish to have your users directed to your IdP for authentication from the ProdPad login page, set your SAML authentication type to IdP & SP login and make sure your domain(s) are added to you DNS record and verified in advance.
  • If you do not want to verify your domain(s), select the IdP only login when creating your SAML authentication type. Your IdP will need to be able to provide an apps dashboard so that your users can directed to ProdPad.
  • If a user attempts to login via the ProdPad login page when IdP only login has been initiated they will see an error. If there are no verified domains they will not be prompted to login via the IdP.

Existing users:

  • Ensure existing users know their passwords, or if using Google or Slack SSO previously set one (using password reset steps. When logging in for the first time, as a security measure, existing users are directed to enter their password to link their IdP profile with to their ProdPad username. This is on initial login only.
  • Ensure any other SSO authentication types have been removed once SAML has been set up to avoid issues with the user authentication flow. Please contact us to help you with the migration if you're ready to initiate the process.

Customers with multiple accounts:

  • Admins users setting up the authentication must be an admin on all associated accounts.
  • Ensure you have set a users primary account, if associating other accounts and not sending account ID in the SAML assertion.
  • Assign only one account ID to the attribute in the users IdP profile, any value other than a singular account ID will create the user on the account the SAML authentication was created on.
  • SCIM integration for multiple accounts is not yet fully supported, check back later for this!

Comments