Single Sign On

Single Sign On is enterprise feature that allows you to login users from your Identity Provider into Testomat.io. All new members will be auto-provisioned. If you reach limit of paid seats, all new members will be added as read-only. So no matter of how many peoples joined, you won't be charged more than your current plan. You can manage your seats, and specify which users should be active and which to be read-only on your Company Membersopen in new window page.

This guide shows how to set up SSO connection via SAML for various SAML providers

Prerequisites

  • You have a company in Testomat.io, and you are owner of this company.
  • Company is on an enterprise plan.
  • You have SAML identity provider like Okta or Google Workspace (formerly called G Suite)
  • You and all potential company members use emails from the same domain name (like: user1@companyname.com, user2@companyname.com, etc)

If you are ready, proceed to configure identity provider:

Okta

Okta authorization can be enabled via SAML. As a prerequisite a companyopen in new window for your domain should be created on Testomat.io.

Log in to Okta as Administrator and Create Application Integration

2022-10-06_11-52

Choose SAML 2 as sign-in method

2022-10-06_11-52_1

Set "Testomat.io" as the application name and click "Next"

image

In the next step, you need to set values for Single sign on URL:

https://app.testomat.io/users/saml/auth

and Audience URI (SP Entity ID):

https://app.testomat.io/users/saml/metadata

Alt text

Specify the Attribute Statements:

  • email should be set to user.email
  • name should be set to user.firstName + " " + user.lastName

2022-10-06_12-29

Click "Next" to proceed.

On the lastest step check I'm an Okta customer adding an internal app

2022-10-06_12-30

And finish the integration of application.

After interaction was saved click View SAML setup instructions

2022-10-06_12-31

The following information is needed to proceed with integration.

  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • X.509 Certificate

Alt text

Assign users to this application so they could join Testomat.io:

Alt text

Now, open Company page in Testomat.io and select Single Sign On options

Company Settings

If you don't see Single Sign On option, check that you are an owner of this company

Fill in the form:

  1. Company domain. This is required to identify SSO connection by user's email. Example: mycompany.com.
  2. Default Projects. Select projects to new users will be added to(optional).
  3. Enable SAML:

Alt text

  1. Set Identity Provider Issuer from Okta as IdP Entity ID
  2. Set Identity Provider Single Sign-On URL from Okta as Sign In URL
  3. Upload certificate.

Alt text

And save the form.

Now, use any assigned user from Okta to Log In into Testomat.io. Select "SSO" on the Sign In page, enter the email, and if everything is correct user will get inside Testomat.io, assigned to your company and added to default projects.

In case user sees 404 page on Okta, check that Single Sign-On URL was correctly set.

Google Workspace

Inside Google Admin open Apps > Web & Mobile Apps:

Alt text

Add Custom SAML App.

Use "Testomatio" as App Name and continue

Alt text

Copy the following information:

  • SSO URL
  • Entity ID
  • Certificate should be downloaded as file

And continue.

Alt text

On this step fill the form:

  • ACS URL: https://app.testomat.io/users/saml/auth
  • Entity ID: https://app.testomat.io/users/saml/metadata

Alt text

On the next page add attributes mappings:

  • Add email
  • Last name as last_name
  • First name as first_name

Alt text

Finish set up.

Now, open Company page in Testomat.io and select Single Sign On options

Company Settings

If you don't see Single Sign On option, check that you are an owner of this company

Fill in the form:

  1. Company domain. This is required to identify SSO connection by user's email. Example: mycompany.com.
  2. Default Projects. Select projects to new users will be added to(optional).
  3. Enable SAML:

Alt text

  1. Set Entity ID you copied previously as IdP Entity ID
  2. Set SSO URL you copied previously as Sign In URL
  3. Upload certificate.

Alt text

And save the form.

Now, use any assigned user from Okta to Log In into Testomat.io. Select "SSO" on the Sign In page, enter the email, and if everything is correct user will get inside Testomat.io, assigned to your company and added to default projects.