This article describes the steps involved, information needed, and order of operations to properly set up the OnBoard SSO application inside of your Identity Provider.
About OnBoard SSO
When configured, any user in an organization's Directory will be prompted to sign in with SSO credentials.
If SSO is required in an Organization's Security Settings, users can only access the organization with SSO credentials.
OnBoard supports SSO integrations with any identity provider (IdP) that uses the SAML protocol. OIDC protocols are not supported.
If you run into any issues or have a question, please open a support ticket.
SSO Quick Overview
The general steps for configuring OnBoard SSO settings within OnBoard are outlined below:
- Log in to OnBoard and click on Settings in the left navigation.
- Set up the organization's SSO email domain and confirm your email address
- Create the SSO display name and add the organization's Metadata URL or Metadata.
Note: The IDP Metadata itself can be used in place of the IDP Metadata URL, but only one option, the IDP Metadata URL or IDP Metadata, can be used.
To require SSO for all members of an organization, change the Sign-in requirement from SSO optional to SSO required.
Azure AD
- Log in to your Azure Portal from https://portal.azure.com/ or the Microsoft 365 Admin Center at https://admin.microsoft.com.
- From Azure Portal, select Microsoft Entra ID and then go to Enterprise Applications. From the Microsoft 365 Admin Center, select Identity, and then select Enterprise apps.
- Click New Application.
- Select Create your own application. In the fly-out, select Integrate any other application you don't find in the gallery (Non-gallery) and enter the name of the application (OnBoard). Select Create.
- Under Manage, select Single sign-on, and then select SAML from the single sign-on method options.
- Click the button at the top right of the Basic SAML Configuration section.
- Select Add identifier under Identifier (Entity ID) and enter https://onboardmeetings.com.
- Select Add reply URL under Reply URL (Assertion Consumer Service URL) and enter: https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
- Save.
- Click Edit on the User Attributes & Claims section, select Unique User identifier (Name ID) and update Source attribute to "user.mail". Select Save.
- Under SAML Certificates, copy the App Federation Metadata URL to import into OnBoard.
- If you would like to add the OnBoard logo to your SSO app, right-click and save the below images to download one of our Rectangular icons and Square icons. Then under Manage, select Properties and use the folder icon to upload the logo. Select Save to save the logo after uploading.
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- This will expand the SSO options. Click "Set Domain." Here you can enter the Sign-On Domain used for your SSO and your Email Address, then click Next.
- On the next screen, you'll be prompted for an Authentication Code.
- To get the code, check the inbox of the email address entered in the prior step, which should receive an email containing an Authentication Code. Copy this code.
- Paste it into the Code box, or enter the code manually if copying and pasting won't work. Then click Next.
- This returns you to the Enable SSO options, where you can now click the "Configure Provider" button.
- Enter the Display Name. This would usually be something related to your organization.
- Paste the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
- Note: The IDP Metadata itself can be used in place of the IDP Metadata URL, but only one option, the IDP Metadata URL or IDP Metadata, can be used.
- To require SSO for all members of an organization, change the Sign-in requirement from SSO optional to SSO required.
IMPORTANT NOTES
- An organization Admin must first successfully sign in with SSO credentials before the SSO required option will be available.
- Setting SSO as required will require all users to access the organization through pre-existing SSO credentials.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.
OneLogin
- Log in to your OneLogin account.
- Go to the Administration panel (three-line icon at the top left corner) and click on Applications, then Applications from the menu.
- Click Add App at the top right of the page.
- Search for "SAML Custom Connector" and click on "SAML Custom Connector (Advanced)" to add it.
- Set Display Name as OnBoard.
- Right-click and save the below images to download one of our Rectangular icons and Square icons if you'd like the OnBoard logo to show up for the SSO app.
- Upload the images to the corresponding spots.
- Add a description if you'd like.
- Click Save.
- Go to Configuration in the left menu.
- Set Audience (EntityID) to https://onboardmeetings.com.
- For Recipient, enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
- For the ACS (Consumer) URL Validator field, enter https:\/\/auth\.onboardmeetings\.com\/Home\/Saml2AssertionConsumerService
- For the ACS (Consumer) URL field, enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
- Click Save.
- Click on SSO in the left navigation.
- Copy the Issuer URL and SAML 2.0 Endpoint (HTTP) from the OneLogin setup to import into OnBoard.
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation.
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- This will expand the SSO options. Click "Set Domain." Here you can enter the Sign-On Domain used for your SSO and your Email Address, then click Next.
- On the next screen, you'll be prompted for an Authentication Code.
- To get the code, check the inbox of the email address entered in the prior step, which should receive an email containing an Authentication Code. Copy this code.
- Paste it into the Code box, or enter the code manually if copying and pasting won't work. Then click Next.
- This returns you to the Enable SSO options, where you can now click the "Configure Provider" button.
- Enter the Display Name. This would usually be something related to your organization.
- Paste the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
- Note: The IDP Metadata itself can be used in place of the IDP Metadata URL, but only one option, the IDP Metadata URL or IDP Metadata, can be used.
- To require SSO for all members of an organization, change the Sign-in requirement from SSO optional to SSO required.
IMPORTANT NOTES
- An organization Admin must first successfully sign in with SSO credentials before the SSO required option will be available.
- Setting SSO as required will require all users to access the organization through pre-existing SSO credentials.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.
Okta
1. Log in to your Okta account.
2. Click on the Admin button at the top right.
3. Click on the Okta menu button at the top left corner.
4. Expand Applications in the menu, then click Add Applications.
5. Click on Create App Integration.
6. Set the Sign-in method to SAML 2.0, then click Next.
7. For App Name, enter OnBoard.
8. For the App Logo, right-click and save the below image to download one of our Rectangular icons if you'd like the OnBoard logo to show up for the SSO app.
9. Click Upload New icon and upload the App Logo.
10. Click Next.
11. For Single sign on URL, enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
12. Set Audience URI (SP Entity ID) to https://onboardmeetings.com.
13. Click Show Advanced Settings to expand.
14. Set Response to Signed.
15. Set Assertion Signature to Signed.
16. Set Assertion Encryption to Unencrypted.
17. Scroll all the way down and click on Next.
18. Select "I'm an Okta customer adding an internal app."
19. Check "This is an internal app that we have created."
20. Click Finish.
21. Click on the Sign On tab and click the "View Setup Instructions" button.
22. Copy the Identity Provider Single Sign-On URL issued from the "View Setup Instructions" to import into OnBoard.
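An added example, not part of OnBoard's or Okta's documentation: after a test sign-in, the base64 SAMLResponse posted to the ACS URL can be checked against the values in this guide (ACS URL, Audience, signed Response and Assertion, unencrypted assertion). The email-style NameID check mirrors the Azure AD "user.mail" step and is an assumption for other IdPs; the function names and sample response are constructed, and signatures are checked for presence only.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService"
ENTITY_ID = "https://onboardmeetings.com"

def audit_saml_response(b64_response):
    """Return findings; an empty list means the structure matches the guide.
    Structural check only: signatures are NOT verified cryptographically."""
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    if root.get("Destination") != ACS_URL:
        findings.append("Destination is not the ACS URL")
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")
    if root.find("a:EncryptedAssertion", NS) is not None:
        findings.append("Assertion is encrypted")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext Assertion"]
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    if ENTITY_ID not in [e.text for e in assertion.iterfind(".//a:Audience", NS)]:
        findings.append("Audience is not the entity ID")
    recipients = [e.get("Recipient") for e in
                  assertion.iterfind(".//a:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        findings.append("Recipient is not the ACS URL")
    if "@" not in assertion.findtext("a:Subject/a:NameID", "", NS):
        findings.append("NameID is not an email address")
    return findings

def sample_response(assertion_signed=True, audience=ENTITY_ID):
    """Constructed sample: placeholder signatures and an example.com user."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    xml = ('<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:a="%s" Destination="%s">%s<a:Assertion>%s<a:Subject>'
           '<a:NameID>user@example.com</a:NameID><a:SubjectConfirmation>'
           '<a:SubjectConfirmationData Recipient="%s"/></a:SubjectConfirmation>'
           '</a:Subject><a:Conditions><a:AudienceRestriction><a:Audience>%s'
           '</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion>'
           '</p:Response>') % (NS["a"], ACS_URL, sig,
                               sig if assertion_signed else "", ACS_URL, audience)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(audit_saml_response(sample_response()))
    print(audit_saml_response(sample_response(False, "https://example.invalid")))
```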
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation.
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- This will expand the SSO options. Click "Set Domain." Here you can enter the Sign-On Domain used for your SSO and your Email Address, then click Next.
- On the next screen, you'll be prompted for an Authentication Code.
- To get the code, check the inbox of the email address entered in the prior step, which should receive an email containing an Authentication Code. Copy this code.
- Paste it into the Code box, or enter the code manually if copying and pasting won't work. Then click Next.
- This returns you to the Enable SSO options, where you can now click the "Configure Provider" button.
- Enter the Display Name. This would usually be something related to your organization.
- Paste the Identity Provider Single Sign-On URL from step 22 above into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
- Note: The IDP Metadata itself can be used in place of the IDP Metadata URL, but only one option, the IDP Metadata URL or IDP Metadata, can be used.
- To require SSO for all members of an organization, change the Sign-in requirement from SSO optional to SSO required.
IMPORTANT NOTES
- An organization Admin must first successfully sign in with SSO credentials before the SSO required option will be available.
- Setting SSO as required will require all users to access the organization through pre-existing SSO credentials.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.
Setting Up IdP Initiated SSO (optional)
If your organization would also like to set up IdP-initiated SSO, follow the steps below.
Step 1: Copy Your Organization ID
- To locate your Organization ID, select your name or image at the bottom left corner of the screen.
- Select Organization & User ID from the menu.
- Select the Copy icon next to Organization ID.
Step 2: Input Organization ID code into Default Relay State field
- Create the Organization ID code by entering the copied Organization ID in place of the placeholder in the code below:
  OrganizationId=<Your Organization's ID>
- Enter the code created above into the Default Relay State field in your IdP.
This should allow you to log in to OnBoard from your identity provider.