Remembering passwords can prove to be a difficult task when you are using a large number of tools that require you to sign-in every time. Thankfully, with the help of the SAML technology, you can minimize the time you spend on trying to recover your password in Kanbanize.
In this article you will find a step-by-step tutorial for OneLogin - a popular IDaaS (IDentity As A Service) provider. Here is what you need to do to set up the integration:
1. From your OneLogin dashboard go to Apps > Company Apps.
2. Click the ‘Add App’ button in the upper right corner.
3. Type ‘SAML’ in the search field and choose SAML Test Connector:
4. Give the app a proper name and click ‘Save’:
5. From the detailed app page, select the ‘Configuration’ tab:
6. There you need to fill in the following data:
RelayState: /ctrl_login/finish_saml_login
Audience: https://{subdomain}.kanbanize.com/
(beware the / at the end)
Recipient: https://{subdomain}.kanbanize.com/saml/acs
ACS (Consumer) URL Validator: ^https:\/\/{subdomain}\.kanbanize\.com\/saml\/acs\/$
ACS (Consumer) URL: https://{subdomain}.kanbanize.com/saml/acs
Single Logout URL: https://{subdomain}.kanbanize.com/saml/sls
Everywhere replace {subdomain} with your Kanbanize account’ subdomain. For example, if you access Kanbanize at https://acme.kanbanize.com your subdomain is acme.
In the end, the form should look like this:
7. Click ‘Save’ then go to the ‘Parameters’ tab.
8. Make sure that the value of NameID is Email.
9. Click ‘Save’ in the upper right corner to save all the changes you have made to the app so far.
10. (optional) Add two more parameters that hold the user’s first and last names.
With this the setup in OneLogin is complete! It’s time to move on to Kanbanize. But before you do that, switch to the ‘SSO’ tab – it contains information that you will need:
11. Now head over to your Kanbanize account, open the administration panel, and select Integrations > Applications > Single Sign-On:
12. Enable the toggle next to "Single Sign-On" and fill the fields on the right with the info from OneLogin like this:
Issuer URL goes to IdP Entity Id
SAML 2.0 Endpoint (HTTP) goes to IdP Login Endpoint
SLO Endpoint (HTTP) goes to IdP Logout Endpoint (fill this only if you want to enable Single Logout, too)
13. You don't need to fill Attribute name for Email. If you completed step 10, you can enter the names of the extra parameters in Attribute name for First Name and Attribute name for Last Name respectively. These will be used when a user logs in for the first time and an account is created for them (if you enable that from the checkbox below).
14. Back in OneLogin click ‘View Details’ under the certificate. A detailed page will open:
15. Copy the full certificate and paste it into the respective field in Kanbanize.
Disable Kanbanize login, only SSO login is applied for all users
Allow Kanbanize login for users with Account Owner privileges
Allow Kanbanize login for users with Manage Integrations privileges
Allow Kanbanize and SSO login for all users
17. There is a checkbox on the left "Automatically create a Kanbanize user for the unregistered emails upon login" that secures controlled access. If the setting is checked, it automatically creates a Kanbanize user for the unregistered emails upon login. When the setting is unchecked, you need to first send a Kanbanize email invitation to the user in order to be able to log in to the system using the SSO flow.
18. There is another checkbox "Sign outgoing messages". Turning it on will result in it Kanbanize signing authentication and log out requests, logout responses, and the metadata. You will find the public certificate in the metadata, which is located at https://<subdomain>.kanbanize.com/saml/metadata
19. Click ‘Save Settings’ and you are almost done!
20. The only thing left is to give users of your IdP access to Kanbanize. Start by going back to OneLogin and selecting ‘Users’ > ‘All Users’.
21. Select a user and switch to the ‘Applications’ tab:
22. Click the plus button in the upper right corner. A popup will appear – select the Kanbanize app and click ‘Continue’. You don’t need to change anything in the next popup so you can close it.
23. That’s it! Your user should now be able to log in to Kanbanize through your OneLogin account!
Be sure to try the integration and don’t hesitate to contact our support if you have any trouble.