This feature is available in our paid editions. Contact us here, and we'll be delighted to assist you!

Enforcing SSO

You can enforce SSO by specifying the domain. As part of the SSO configuration, you have the option to disable email and user login. This ensures that all authentication is routed through the designated SSO provider.

Supported SSO Providers

You can enable various SSO providers, including Google and GitHub, to integrate with your system by configuring SSO.

Google:

1. Go to the Developer Console
2. Create an OAuth2 App
3. Copy the Redirect URL from the Configure Screen into the Google App
4. Fill in the Client ID & Client Secret in Activepieces
5. Click Finish

GitHub:

1. Go to the GitHub Developer Settings
2. Create a new OAuth App
3. Fill in the App details and click Register a new application
4. Use the following Redirect URL from the Configure Screen
5. Fill in the Homepage URL with the URL of your application
6. Click Register application
7. Copy the Client ID and Client Secret and fill them in Activepieces
8. Click Finish

SAML with Okta:

1. Go to the Okta Admin Portal and create a new app
2. Select SAML 2.0 as the Sign-on method
3. Fill in the App details and click Next
4. Use the following Single Sign-On URL from the Configure Screen
5. Fill in Audience URI (SP Entity ID) with 'Activepieces'
6. Add the following attributes (firstName, lastName, email)
7. Click Next and Finish
8. Go to the Sign On tab and click on View Setup Instructions
9. Copy the Identity Provider metadata and paste it in the Idp Metadata field
10. Copy the Signing Certificate and paste it in the Signing Key field
11. Click Save

SAML with JumpCloud:

1. Go to the JumpCloud Admin Portal and create a new app
2. Create SAML App
3. Copy the ACS URL from Activepieces and paste it in the ACS URLs
4. Fill in Audience URI (SP Entity ID) with 'Activepieces'
5. Add the following attributes (firstName, lastName, email)
6. Include the HTTP-Redirect binding and export the metadata

   JumpCloud does not provide the HTTP-Redirect binding by default. You need to tick this box.

   Make sure you press Save, then refresh the page and click Export Metadata.

   Verify that Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" appears inside the XML.

   After you export the metadata, paste it in the Idp Metadata field.

7. Copy the Certificate and paste it in the Signing Key field

   Find the <ds:X509Certificate> element in the IdP metadata and copy its value. Paste it between these lines:

   -----BEGIN CERTIFICATE-----
   [PASTE THE VALUE FROM IDP METADATA]
   -----END CERTIFICATE-----

8. Make sure you have assigned the App to the User
9. Click Next and Finish
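
The checks in steps 6 and 7 can be scripted before pasting anything into the Idp Metadata and Signing Key fields. The following is an added example, not part of the Activepieces documentation: it confirms the HTTP-Redirect binding is present in the exported metadata and wraps the <ds:X509Certificate> value in PEM lines. The function name, the sample metadata and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_idp_metadata(xml_text):
    """Return (has_redirect_binding, pem_certificate) for exported IdP metadata."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(xml_text)
    bindings = {s.get("Binding") for s in root.iterfind(".//md:SingleSignOnService", NS)}
    cert = None
    # Take the signing key; a KeyDescriptor without a "use" attribute serves signing too.
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if kd.get("use") in (None, "signing") and node is not None and node.text:
            cert = re.sub(r"\s+", "", node.text)  # metadata often wraps the value
            break
    if cert is None:
        raise ValueError("no signing <ds:X509Certificate> in metadata")
    base64.b64decode(cert, validate=True)  # raises on non-base64 characters
    body = "\n".join(cert[i:i + 64] for i in range(0, len(cert), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return REDIRECT in bindings, pem

# Constructed sample: the certificate value is placeholder bytes, not a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate " * 3).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="example-idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64[:100]}
        {SAMPLE_CERT_B64[100:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.invalid/sso"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.invalid/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    has_redirect, pem = check_idp_metadata(SAMPLE_METADATA)
    print("HTTP-Redirect binding present:", has_redirect)
    print(pem, end="")
```

A False first value means the binding box was not ticked, or the metadata was exported before the page was saved and refreshed.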