Articles in this section

See more

Setting up other SAML IdP (SSO)

Avatar
Chris
Updated
Follow

Objective

The purpose of this article is to provide direction to Outreach Admins in configuring a SAML IdP SSO. 

Outreach is now compatible with Single Sign On (SSO) applications like Okta, Salesforce, and Onelogin. This article is specific to connecting a SAML IdP other than Okta, Salesforce and Onelogin, but if you would like to connecting those applications, you can follow the hyperlinks below:

Applies To

Outreach users with:

  • The ability to create an application inside of your IdP
  • Outreach Admin Privileges
  • If the SSO Provider is Ping Federate, it must be configured to include Certification Keyinfo=True.

Procedure

Step 1. Create IdP application:

1.1 Create an application inside your IdP and use some “placeholder” values for the following typical settings:

  • ACS URL / Single Sign On URL (e.g. http://outreachfake.com)
  • Audience URI / Service Provider Entity ID (e.g. fake_change_later)

In step 3 below, you will come back to fill in the correct values for the above fields.

1.2 After creating the application inside your IdP, please take note of its “Issuer," “SP-Initiated POST Endpoint”, and the “Idp Certificate”. You will use them in Step 2.3 below.

Step 2. Create the Identity Provider inside Outreach Accounts

2.1 As an Outreach admin, navigate to the Org’s Setting page. Navigate to Sign and password options and click edit.Screen_Shot_2022-09-10_at_6.54.24_PM.png

2.2 If it is an org without Idp setup, click “Add Identity Provider”.

Image_2019-06-07_at_1.54.26_PM.png

2.3 Add the requested identity provider information

The information requested in this section is from step 1.2 above.

Image_2019-06-12_at_4.44.39_PM.png

Note: The above screenshot contains two advanced settings: "Use NameId Instead of Email" and "Enable just-in-time new user provision". We do NOT recommend checking these options unless the functions of each are understood and needed by your organization. You can read more on these advanced settings in Advanced Settings For Identity Provider (SSO)

2.4 Retrieve setup information from Outreach to put into your IdP provider

Now find the “Setup Info” section. Copy the  “Setup Info”: “ACS URL” and “Service Provider Entity ID” information. You will update the IdP application with this information in step 3 below.

Image_2019-06-10_at_2.20.07_PM.png

NOTE: This screenshot says “Okta”, but the screen will look similar for other other IdP applications.

Step 3. Update IdP application

Now go back to your IdP application you created in step 1, and update the application settings:

  • ACS URL / Single Sign On URL: Use the value for "(ACS) URL” from step 2.4
  • Audience URI / Service Provider Entity ID: Use the value for “Service Provider Entity ID” from step 2.4

Step 4. Enable SSO inside Outreach Accounts

4.1 Return to your Outreach account and click “Test” to see if the identity provider is set up correctly.

Image_2019-06-10_at_2.36.15_PM.png

If successful, you should see a success page. Please examine the “User email” and make sure it matches with user login email inside Outreach.

Image_2017-08-09_at_9.46.34_AM.png

4.2 Click “Back”, check “Enable”, and click “Save”.

Note: This screenshot says “Okta”, but the screen will look similar for other other IdP applications.

Image_2019-06-10_at_2.39.35_PM.png

Congrats! SSO is now enabled!



Related articles