Setting up SSO - OneLogin

SSO (Single Sign-On) authentication lets you access your company’s applications and websites with a single set of login credentials. You can now include Centage in your SSO solution.

You can add Centage to your company’s SSO solution if you use a SAML 2.0-compliant identity provider, including:

  • Okta
  • OneLogin
  • RSA SecurID
  • Idaptive
  • Ping
  • Microsoft Entra ID
  • CA Technologies
  • ... (and many more. Ask Centage Support.)

Your company has a designated SSO Admin user who can set up SSO for your company.

This document shows you, an SSO Admin, how to set up SSO for your company using OneLogin.

Setting up SSO with OneLogin

Step 1: Open your company’s OneLogin account. On the homepage, select Administration.

Step 2: On the Administration page, select the Users tab.

Step 3: On the Users page, hover over the More Actions dropdown menu and select Custom user fields.

Step 4: On the Custom User Fields page, click New User Field.

Step 5: A New User Field popup appears. Enter the following information in the fields provided:

  • Name – Enter CentageUserName in this field.
  • Shortname – Enter CentageUserName in this field.

Click Save.

A confirmation message appears.

Step 6: Now, add Centage as an app. Select the Applications tab.

Step 7: On the Applications page, in the top right, select Add Apps.

Step 8: In the search field, enter SAML. Select SAML Test Connector (IdP w/attr w/ sign response).

Step 9: Replace the default Display Name with Centage. Click Save.

Setting up the Connection

Step 1: On the SAML Test Connector (IdP w/attr w/ sign response) page, select the Configuration tab on the left.

Step 2: Under Configuration, enter the following information in the fields provided and leave the others blank:

  1. Audience – planning-maestro
  2. Recipient – https://domainName.planningmaestro.com/saml/SSO
  3. ACS (Consumer) URL Validator* – ^https://domainName.planningmaestro.com/saml/SSO.*$
  4. ACS (Consumer) URL* – https://domainName.planningmaestro.com/saml/SSO
  5. Click Save.

Please Note: In the URLs, replace “domainName” with the actual name for your company’s Planning Maestro account (often the name of your company). For example, the screenshots display the setup for a company named Paradventure, Inc., whose domain name is paradventureinc.
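
A pre-save check of the four Configuration values, as an added example (not Centage or OneLogin code). The function names are hypothetical, and `escaped_validator` is an assumed stricter variant of the page's pattern in which `.` matches only a literal dot.

```python
import re
from urllib.parse import urlsplit

def page_config(account: str) -> dict:
    """The Configuration-tab values from the page, with domainName replaced."""
    acs = f"https://{account}.planningmaestro.com/saml/SSO"
    return {
        "audience": "planning-maestro",
        "recipient": acs,
        "acs_url": acs,
        "acs_validator": f"^https://{account}.planningmaestro.com/saml/SSO.*$",
    }

def escaped_validator(acs_url: str) -> str:
    """Assumption: same pattern shape as the page's, literal characters escaped."""
    return "^" + re.escape(acs_url) + ".*$"

def check_config(cfg: dict) -> list:
    """Return a list of problems found in the configuration values."""
    problems = []
    acs = cfg["acs_url"]
    parts = urlsplit(acs)
    if "domainName" in acs or "domainName" in cfg["acs_validator"]:
        problems.append("placeholder domainName not replaced")
    if parts.scheme != "https":
        problems.append("ACS URL is not https")
    if cfg["recipient"] != acs:
        problems.append("Recipient differs from ACS URL")
    rx = re.compile(cfg["acs_validator"])
    if not rx.match(acs):
        problems.append("validator does not match the ACS URL")
    # Probe: swap the dots in the host for '-'. A pattern that pins the
    # literal host must reject this URL.
    probe = acs.replace(parts.netloc, parts.netloc.replace(".", "-"), 1)
    if rx.match(probe):
        problems.append("unescaped '.' in validator matches other hostnames")
    return problems

if __name__ == "__main__":
    cfg = page_config("paradventureinc")  # account name from the page's example
    print("as written:", check_config(cfg))
    cfg["acs_validator"] = escaped_validator(cfg["acs_url"])
    print("escaped:   ", check_config(cfg))
```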

Step 3: Click on the Parameters tab.

Step 4: On the Parameters tab, click the Add icon.

Step 5: A New Field popup appears.

  • Enter the field name as CentageUserName.
  • Mark the Include in SAML assertion checkbox.
  • Click Save.

 

Step 6: Click on the dropdown menu under Value and select: CentageUserName (Custom)

Step 7: Click Save.

Step 8: Select the SSO tab.

Step 9: On the SSO tab, under SAML Signature Algorithm, click on the dropdown menu and select SHA-256.

Step 10: Click Save.

Saving Your Issuer URL

When you set up SSO in Centage, you will need two pieces of information from OneLogin:

  1. Issuer URL (Planning Maestro calls this the “Metadata URL”)
  2. Recipient URL

On the SSO tab, copy and save the Issuer URL somewhere secure (you will need to use this later in Planning Maestro).

Please Note: When you set up SSO in Centage, you will need a Metadata URL. “Issuer URL” is OneLogin’s name for Metadata URL.

  • A confirmation message appears.
  • The SSO portal is created.
  • Now, select the Configuration tab to view and save your Recipient URL.

Save the URL in the Recipient field in the same place you saved your Issuer URL. You will need both your Issuer URL and Recipient URL to set up SSO in Centage.

Now, use the following section to set up users who need to access Centage.

Assigning Users

Step 1: To enable specific users to access Centage through OneLogin’s SSO portal, in the top left, select Users.

Step 2: Select users from the available list.

Please Note: If you want a user to access Centage who does not have a OneLogin account, you need to create the user’s profile in OneLogin before setting up their access to Centage.

 

Step 3: The user’s profile opens.

  1. Make sure the Username listed on this profile matches the user’s username in Centage.
  2. Make sure the CentageUserName matches the user’s username in Centage.
  3. Then, select the Applications tab on the left.

Step 4: The Applications tab opens. Click the Add icon.

Step 5: An Assign new login to [user] popup opens. Click the dropdown menu and select the Centage app.

Step 6: Click Continue.

Step 7: Confirm that this user’s CentageMaestroUserName is an exact character match with their Planning Maestro username and click Save.

Example: In the screenshot, Emma Employee’s CentageMaestroUserName is eemployee in both OneLogin and Centage.

  • A confirmation message appears.
  • The Centage app appears under Applications in the user’s profile.

Step 8: Click Save User.

A confirmation message appears.

On the Applications/SAML Test Connector (IdP w/ attr w/ sign response) page, on the Users tab, this user appears as one of the users who can access Planning Maestro through their OneLogin portal.

To assign more users to access Centage through OneLogin, repeat steps 1-5.

 

Assigning Users

 

Please Note: If a user is brand-new and does not yet have a OneLogin account, add them as a new user in OneLogin before proceeding with the steps below.

 

Follow the steps below to assign users from your company to access Centage through SSO.

 

  1. Select the Assignments tab on the Centage app page in OneLogin.
  2. On the Assignments tab, click Assign and select Assign to People from the dropdown menu.
  3. In the Assign Centage to People popup, click Assign next to the user you want to add.
  4. Confirm the user's work email appears in the User Name field, then click Save and Go Back.
  5. The popup returns to the user list. The assigned user now shows an Assigned button. Click Done when finished assigning all users.

 

Repeat Steps 1–4 for each additional user who needs access.

 

Once all users are assigned, the Assignments page lists everyone who can access Centage through your company's SSO solution.

 

Understanding Username Matching Requirements

 

Before confirming display names, it is important to understand how SSO authentication works. When a user logs in through OneLogin, OneLogin passes a username to Centage via the SAML assertion. Centage then compares that username against its own user records. If the values do not match exactly, the login will fail.

 

This means a user's name must match exactly across all three of the following locations:

 

Location | Field Name | Example Value
OneLogin User | Display Name (Profile tab) | firstname.lastname
OneLogin SSO Assignment | Username passed via SAML assertion | firstname.lastname
Centage | Centage Username | firstname.lastname

 

The username format used across all three locations is typically User.DisplayName — for example: jane.doe or John.Smith. Confirm the exact format used in your organization's Centage instance before assigning users.

 

All three values must be an exact, character-for-character match, including capitalization, punctuation, and spacing. Even a minor difference will prevent the user from logging in.

 

Common Mismatches to Watch For

 

  • Email format vs. display name format — e.g., jsmith@company.com in OneLogin vs. John.Smith in Centage
  • Capitalization differences — e.g., john.smith vs. John.Smith
  • Extra spaces before or after the name
  • A period or separator missing — e.g., JohnSmith vs. John.Smith
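
A bulk check for the mismatch types listed above, as an added example (not Centage or OneLogin tooling). The function names and the sample rows are constructed for illustration; in practice the pairs would come from your own user exports.

```python
def _alnum(s: str) -> str:
    """Keep only letters and digits, dropping separators such as '.'."""
    return "".join(ch for ch in s if ch.isalnum())

def classify_mismatch(onelogin_value: str, centage_username: str) -> list:
    """Return the reasons two usernames fail an exact match ([] means they match)."""
    if onelogin_value == centage_username:
        return []
    found = []
    # str.strip() also removes non-breaking spaces pasted in from web pages.
    if (onelogin_value != onelogin_value.strip()
            or centage_username != centage_username.strip()):
        found.append("extra spaces")
    a, b = onelogin_value.strip(), centage_username.strip()
    if ("@" in a) != ("@" in b):
        found.append("email format vs. display name format")
        return found
    if a != b and a.lower() == b.lower():
        found.append("capitalization")
    elif a != b and _alnum(a).lower() == _alnum(b).lower():
        found.append("missing or different separator")
        if _alnum(a) != _alnum(b):
            found.append("capitalization")
    elif a != b:
        found.append("different value")
    return found

def audit(rows):
    """Return (onelogin_value, centage_username, reasons) for every non-match."""
    return [(a, b, classify_mismatch(a, b)) for a, b in rows
            if classify_mismatch(a, b)]

# Constructed sample rows: (value OneLogin sends in the assertion, Centage username)
SAMPLE = [
    ("Jane.Smith", "Jane.Smith"),
    ("jsmith@company.com", "John.Smith"),
    ("john.smith", "John.Smith"),
    ("John.Smith ", "John.Smith"),
    ("JohnSmith", "John.Smith"),
]

if __name__ == "__main__":
    for a, b, reasons in audit(SAMPLE):
        # repr() makes leading or trailing spaces visible in the report.
        print(f"{a!r} vs {b!r}: {', '.join(reasons)}")
```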

 

Confirming Display Names

 

Please Note: If you want to add users who are new to both OneLogin and Centage, first create them in OneLogin. Then assign those users to the Centage app using the steps in the Assigning Users section above.

 

For users who already exist in OneLogin, follow the steps below to verify that their OneLogin Display Name matches their Centage username. This must be confirmed for every assigned user.

 

  1. On the Centage app page in OneLogin, open the Assignments tab and click the name of any assigned user.
  2. The user's page opens. Select the Profile tab.
  3. On the Profile tab, click Edit.
  4. Scroll down to the Display Name field. Confirm that this value is an exact character-for-character match for the user's Centage Username (for example: Jane.Smith).
  5. If the Display Name needs to be updated, make the correction and scroll down to click Save. If the Display Name already matches, no changes are needed.

 

Repeat this process for each assigned user before proceeding.

 

Once you have confirmed all display names, proceed to Setting up SSO in Centage to use the Metadata URL and Recipient URL you saved from OneLogin to complete the SSO configuration.

 

Updating Expired SSO Certificate

Step 1 — Generate a New Certificate in OneLogin

  1. Log into your OneLogin Admin Console
  2. Go to Applications → Applications and open your Centage app
  3. Click the SSO tab
  4. Under X.509 Certificate, click Change and select Generate New Certificate (or choose an existing valid certificate from your cert pool)
  5. Click Save at the top of the page

⚠️ Note: OneLogin activates the new certificate immediately upon saving. Proceed to the next steps quickly to minimize disruption for your users.

Step 2 — Download the New Certificate

  1. After saving, return to the SSO tab
  2. Click View Details on the new certificate
  3. Download the certificate as a .pem file

Step 3 — Update the Certificate in Centage

  1. Log into Centage as an administrator
  2. Navigate to Admin → SSO Settings
  3. Replace the existing certificate with the newly downloaded one
  4. Save your changes

Step 4 — Test Your SSO Login

  1. Open a private/incognito browser window
  2. Navigate to your Centage login page
  3. Attempt to sign in via SSO
  4. Confirm you are authenticated successfully without any certificate errors