SSO (Single Sign On) authentication allows you access your company’s applications and websites with a single set of login credentials.
Planning Maestro supports SSO authentication for any SAML 2.0 compliant identity providers. Please see below a list of just some of the identity providers that are compatible:
With SSO enabled, your company will need to designate an SSO Admin user who can set up SSO for your company.
This document shows you, the SSO Admin, how to set up SSO for your company using RSASecurID, Idaptive, Ping, CA Technologies.
Step 1: Open your SSO Provider account. Add Planning Maestro to the list of apps recognized by your SSO provider.
Step 2: Fill out the remaining required fields for the Planning Maestro app. These fields request information about the app itself.
- For any "application name" fields (might be called Audience, Entity ID, Audience Restriction, etc.)
Example from Okta (note that different SSO providers use different names for these fields):
- For any field that requests a URL (SSO Login URL, Recipient URL, Destination URL, etc.)
*(enter your Planning Maestro domain name in place of “domainname” in the URL).
Step 3: Enable all company users who require access to Planning Maestro to use the Planning Maestro app within this SSO solution.
When adding each user, ensure to include their Planning Maestro username by using the following steps:
- Add a custom user field named planningMaestroUserName and use it to send each user's Planning Maestro username that matches how their accounts were created within Planning Maestro.
Custom user field created for Planning Maestro username for Emma Employee (eemployee):
Please Note: During configuration with the SSO provider Azure AD, you have the option to add a namespace as a custom field. Please do not include a namespace here, only a Name and Attribute.
- (if you cannot add a custom field) use a displayName or username field.
Display name or Username field for Planning Maestro username when you cannot add a custom field:
Please Note: If their Planning Maestro usernames are not recorded in this SSO solution, these users cannot access Planning Maestro through SSO.
Step 4: Save the URL your SSO provider gives you for its portal.
Different providers call this URL different names, but it should look something like this: https://app.ssoprovider.com/saml/metadata/6bc5683c-647g-1uvo-hemf-7349j5n32op4
Example of a Metadata URL: OneLogin, an SSO provider, calls this URL the Issuer URL.
Step 5: Save your changes. Then, use Setting up SSO in Planning Maestro to finish.