The purpose of this article is to describe the steps involved, information needed, and order of operations to properly set up the OnBoard SSO application inside of your Identity Provider.  

OnBoard supports SSO integrations with any identity provider (IdP) that uses the SAML protocol, including Azure AD, Okta, OneLogin, and OpenAM.

If you run into any issues or have a question, please open a support ticket.

Update: 12/11/25

Web Browser Logins

Any user in your Directory will be prompted to sign in with SSO when signing in on the web browser, regardless of the email domain configured in the SSO settings. 

Mobile App Logins

Users signing in on the mobile apps will only be prompted to sign in with SSO if there email address shares the email domain configured in the SSO settings. However, any user can sign in with SSO after first signing in with their OnBoard ID and password by selecting Sign in with SSO option on the organization's tile on the organization selection screen. 

For more information about signing in with SSO, please review the How to Sign in using Single Sign-On (SSO) article. 

SSO Quick Overview

The general overview for the OnBoard SSO settings can be viewed below:

Azure AD 
 

1.  Log in to your Azure Portal from https://portal.azure.com/ or the Microsoft 365 Admin Center at https://admin.microsoft.com.
   
    
2. From Azure Portal, select Microsoft Entra ID and then go to Enterprise Applications.
   
   From the Microsoft 365 Admin Center, select Identity, and then select Enterprise apps.
   
   
   
    
3. Click New Application.
   
   
    
4. Select Create your own application. In the fly-out select Integrate any other application you don't find in the gallery (Non-gallery) and enter the name of the application (OnBoard).  Select Create.
   
    
5. Under Manage, select Single sign-on, and then select SAML from the single sign-on method options.
   
   
    
6. Click the  button at the top right of the Basic SAML Configuration section.
   
   
    
7. Select Add identifier under Identifier (Entity ID) and enter https://onboardmeetings.com.
   
    
8. Select Add reply URL under Reply URL (Assertion Consumer Service URL) and enter: https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService 
   
    
9. Save.
   
   
    
10. Click Edit on the User Attributes & Claims section, select Unique User identifier (Name ID) and update Source attribute to "user.mail". Select Save.
    
    
    
     
11. Under SAML Certificates,  copy the App Federation Metadata URL to import into OnBoard.
    
    
    
     
12. If you would like to add the OnBoard logo to your SSO app, right-click and save the below images to download one of our Rectangular icons and Square icons.
       
    
    Then under Manage, select Properties and user the folder icon to upload the logo. Select Save to save the logo after uploading.  
    
    

From the Admin side back in OnBoard:

1. Log in to OnBoard and click on Settings in the left navigation
   
    
2. Click on the Security tab at the top of the screen. 
   
    
3. Click the toggle on the Enable SSO option.
   
   
    
4. This will expand the SSO options, you'll then want to click on "Set Domain."
   
   
   
    
5. Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.
   
   
    
6. On the next screen you'll be prompted for an Authentication Code:
   
   
7. To get that, we'll just want to check the inbox of the email address we entered for the prior step, which should receive an Authentication Code in the email. Copy this code:
   
   
   
    
8. And paste into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.
   
   
   
    
9. This will return us to the Enable SSO options, and we can now click the "Configure Provider" button.
   
   
    
10. Set the Authentication Framework to SAML, and your Provider to Azure AD, then click Next.
    
    
     
11. Enter the Display Name. This usually would be something related to your organization. 
    
     
12. Paste in the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
    
     
13. If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option. 
    Important Note: Enforcing SSO for the organization will require all users to access the organization through their pre-existing SSO credentials.
    
    
     
14. Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.

OneLogin

1. Log in to your OneLogin account.
   
   
    
2. Go to the Administration panel (3 lined icon at the top left corner) and click on Applications, then Applications from the menu.
   
   
    
3. Click Add App at the top right of the page.
   
   
    
4. Search for "SAML Custom Connector" and click on "SAML Custom Connector (Advanced)" to add it.
   
   
    
5. Set Display Name as OnBoard.
   
   
    
6. Right-click and save the below images to download one of our Rectangular icons and Square icons if you'd like the OnBoard logo to show up for the SSO app.
      
   
   
    
7. Upload the images to the corresponding spots.
   
   
    
8. Add a description if you'd like.
   
   
    
9. Click Save.
   
   
    
10. Go to Configuration in the left menu.
    
    
     
11. Set Audience (EntityID) to https://onboardmeetings.com.
    
    
12. For Recipient enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
    
     
13. For ACS (Consumer) URL Validator field enter https:/\/\auth\.onboardmeetings\.com/\Home/\Saml2AssertionConsumerService 
    
     
14. For ACS (Consumer) URL field enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService 
    
     
15. Click Save.
    
    
     
16. Click on SSO in the left navigation.
    
    
    
17. Copy the Issuer URL and SAML 2.0 Endpoint (HTTP) from the OneLogin setup to import into OnBoard.
    
     

From the Admin side back in OnBoard:

1. Log in to OnBoard and click on Settings in the left navigation
   
    
2. Click on the Security tab at the top of the screen. 
   
    
3. Click the toggle on the Enable SSO option.
   
   
    
4. This will expand the SSO options, you'll then want to click on "Set Domain."
   
   
    
5. Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.
   
   
    
6. On the next screen you'll be prompted for an Authentication Code:
   
   
7. To get that, we'll just want to check the inbox of the email address we entered for the prior step, which should receive an Authentication Code in the email. Copy this code:
   
   
   
    
8. And paste into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.
   
   
   
    
9. This will return us to the Enable SSO options, and we can now click the "Configure Provider" button.
   
   
    
10. Set the Authentication Framework to SAML, and your Provider to OneLogin, then click Next.
    
    
     
11. Enter the Display Name. This usually would be something related to your organization. 
    
     
12. Paste in the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
    
     
13. If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option. 
    Important Note: Enforcing SSO for the organization will require all users to access the organization through their pre-existing SSO credentials.
    
    
     
14. Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.

Okta

1. Log in to your Okta account.
   
    
2. Click on Admin button at the top right.
   
   
    
3. Click on the Okta menu button at the top left corner.
   
    
4. Expand Applications in the menu, then click Add Applications.
   
   
    
5. Click on Create App Integration.
   
   
    
6. Set the Sign-in method should be set to SAML 2.0, then click Next.
   
   
    
7. For App Name, enter OnBoard.
   
   
    
8. For the App Logo, right-click and save the below image to download one of our Rectangular icons if you'd like the OnBoard logo to show up for the SSO app.
   
   
   
    
9. Click Upload New icon and upload the App Logo.
   
   
    
10. Click Next.
    
11. For Single sign on URL enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
    
    
     
12. Set Audience URI (SP Entity ID) of https://onboardmeetings.com.
    
    
     
13. Click Show Advanced Settings to expand.
    
    
     
14. Set Response to Signed.
    
     
15. Assertion Signature should be set to Signed.
    
     
16. Set Assertion Encryption to Unencrypted.
    
    
     
17. Scroll all the way down and click on Next.
    
    
     
18. Select "I'm an Okta customer adding an internal app."
    
     
19. Check "This is an internal app that we have created."
    
     
20. Click Finish.
    
    
     
21. Click on the Sign On tab and click the "View Setup Instructions" button.
    
    
     
22. Copy the Identity Provider Single Sign-On URL issued from the "View Setup Instructions" to import into OnBoard.
    
    
     

From the Admin side back in OnBoard:

1. Log in to OnBoard and click on Settings in the left navigation
   
    
2. Click on the Security tab at the top of the screen. 
   
    
3. Click the toggle on the Enable SSO option.
   
   
    
4. Set the Authentication Framework to SAML, and your Provider to Okta.
   
   
    
5. Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.
   
   
    
6. On the next screen you'll be prompted for an Authentication Code:
   
   
   
7. To get that, we'll just want to check the inbox of the email address we entered for the prior step, which should receive an Authentication Code in the email. Copy this code:
   
   
    
8. And paste into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.
   
   
    
9. This will return us to the Enable SSO options, and we can now click the "Configure Provider" button.
   
   
    
10. Set the Authentication Framework to SAML, and your Provider to Okta, then click Next.
    
     
11. Enter the Display Name. This usually would be something related to your organization. 
    
     
12. Paste in the Identify Provider Signle Sign-On URL from step 22 above into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
    
     
13. If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option. 
    Important Note: Enforcing SSO for the organization will require all users to access the organization through their pre-existing SSO credentials. 
    
    
     
14. Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.
     

Setting Up IdP Initiated SSO (optional)

If your organization would like to also set up IdP initiated SSO, you will be able to do so through the following.

Step 1: Copy Your Organization ID

1. To locate your Organization ID, select your name or image at the bottom left corner of the screen. 
2. Select Organization & User ID from the menu.
3. Select the Copy Icon next to Organization ID

Step 2: Input Organization ID code into Default Relay State field

1. Create the Organization ID Code by entering the copied Organization ID into the italicized area in the code below:
   • OrganizationId=<Your Organization's ID>
2. Enter the code created above into the Default Relay State field in your IdP.

This should facilitate the ability to log in to OnBoard from your identity provider.