Your CRM enables you to provide a single sign-on (SSO) for your users via the Secure Assertion Markup Language (SAML) and using enterprise identity providers such as Active Directory or LDAP.
Implementing SSO via SAML means that the user authentication is handled entirely outside of the CRM. Users can sign in to their corporate system normally (authenticated by Active Directory or LDAP for example) and then click a link in the system in order to access the CRM.
Your CRM will then automatically recognize the user and log them in, without asking the user to enter a different set of credentials (that would otherwise be needed in order to log in to the CRM).
By enabling SSO, users will have a more seamless experience using two systems, which to them may appear as a single system.
Additionally, your organization will have an added benefit of being able to manage users all in one place (e.g. in Active Directory or LDAP), as opposed to managing different user accounts for different systems individually.
Note that the SSO feature is available only for clients with an Enterprise plan.
In order to enable SSO in your CRM you will need to:
- Email firstname.lastname@example.org to have the feature enabled on your site (usually within 1-2 business days).
- Implement SAML by building an in-house SAML server or choosing an external SAML service such as Okta, OneLogin, or PingIdentity.
- Add the required user attributes for users who will be using the CRM
- Enable and configure SSO in the the CRM administration
There are many different ways in which SAML may be implemented and we recommend that you check out this page as a starting point:
To view the format of the metadata required by the CRM, open your SSO metadata page by using a link in the following format (replace "yourdomain" with your actual domain):
Adding User Attributes
In order to use SSO with your CRM, the following attributes must be set for each CRM user:
- username (the username that the user will go by in the CRM)
- class (any CRM user class such as Admin, Sales Rep, etc.)
The below screenshot provides an example of the attributes assigned to a CRM user:
Enabling SSO in the CRM
Once you have completed your SAML implementation and configured the CRM users' attributes, you can enable SSO in the CRM by going to Manage > Administration > SSO > SSO Settings.
On the Manage SSO Settings page which opens select the Enabled checkbox and fill in the required SSO settings.
An example of the SSO settings is provided in the below screenshot:
With the setup complete, your users can now start logging in using SSO either from your corporate system or from the the CRM login page by clicking on the SSO button:
- Returning visitors will be authenticated automatically if their SAML assertions are cached.
- If a user without an active CRM account logs into the CRM via SSO, a new account will be automatically created for them.